Cisco ASDM - SSL certificate error (Server Authentication purpose)

May 14th, 2010
I want to replace the self-signed certificate with a new certificate from the CA in my domain.

I tried to install an identity certificate from a Windows 2003 R2 certification authority, where I installed the SCEP add-on protocol. I entered the values to add a new identity certificate through the GUI; everything seems to work and I have my certificate.

Then I go to the advanced SSL settings and, for the inside and outside certificates, I change the self-signed certificate to the new certificate. But when I apply this certificate I get a prompt with this warning:

[Warning] ssl trust-point ASDM_TrustPoint3 inside

     The ID certificate associated with trust point ASDM_TrustPoint3 contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use

What do I have to do? Change the server CA settings? Change the router settings? Change the values for the certificate request?



Overall Rating: 5 (2 ratings)
Jennifer Halim Fri, 05/14/2010 - 04:48
User Badges:
  • Cisco Employee

You could be generating the certificate on an incorrect certificate template. Please use web server certificate template for SSL certificate.

lorenzo.baccioli Fri, 05/14/2010 - 05:50

I tried the manual way: I created a cert request and appended it to a web server certificate through the web,

then installed it, and everything seems to work.

But I need to use automatic requests with SCEP. How can I correct this?

Jennifer Halim Fri, 05/14/2010 - 06:01
User Badges:
  • Cisco Employee

With automatic request, you would need to check on the Microsoft CA server itself. The template for automatic request should be set to web server certificate.

David Belliveau Sun, 09/27/2015 - 22:42

WOW! Thank you so much for this forum. I'm cramming for the 640-554 before November, on the last chapter, and the last thing I need is to be halted with "extracurricular" research. So glad this was a quick and easy answer!


Thank you!

attemborough Sat, 06/08/2013 - 07:57

Please check the extensions of the certificate template in your Windows certificate service.

The Application Policy must have the Server Authentication option.

