09-02-2009 01:21 AM
Hello,
I am trying to authenticate cisco 851 on ASA 5520 using digital certificates from MS CA. Got this error:
CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2
CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable
CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found
Solved! Go to Solution.
09-02-2009 11:22 AM
It looks like EKU(ExtendedKeyUsage) does not match. You can try to disable EKU check by adding the following command under trustpoint config:
ignore-ipsec-keyusage
09-02-2009 11:22 AM
It looks like EKU(ExtendedKeyUsage) does not match. You can try to disable EKU check by adding the following command under trustpoint config:
ignore-ipsec-keyusage
09-02-2009 08:17 PM
Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: