Cisco ASDM - SSL certificate error (Server Authentication purpose)

May 14th, 2010


I want to change the self-signed certificate to a new certificate from my CA in the domain.

I tried to install an identity certificate from a Windows 2003 R2 certification authority, where I installed the SCEP add-on protocol, so I entered the values to add a new identity certificate through the GUI. All seems to work and I have my certificate.

Then I go to the advanced SSL settings, and for the inside and outside certificates I change the self-signed certificate to the new certificate, but when I apply this certificate I am prompted with this warning:

[Warning] ssl trust-point ASDM_TrustPoint3 inside

     The ID certificate associated with trust point ASDM_TrustPoint3 contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use

What do I have to do? Change the server CA settings? Change the router settings? Change a value in the certificate request?



Jennifer Halim Fri, 05/14/2010 - 04:48

You could be generating the certificate on an incorrect certificate template. Please use the web server certificate template for the SSL certificate.

lorenzo.baccioli Fri, 05/14/2010 - 05:50

I tried the manual way: create a cert request and append it to a web server certificate through the web,

then install, and all seems to work.

But I need to use automatic requests, with SCEP. How can I correct this?

Jennifer Halim Fri, 05/14/2010 - 06:01

With automatic request, you would need to check on the Microsoft CA server itself. The template for automatic request should be set to web server certificate.

David Belliveau Sun, 09/27/2015 - 22:42

WOW! Thank you so much for this forum. I'm cramming for the 640-554 before November, on the last chapter, and the last thing I need is to be halted with "extracurricular" research. So glad this was a quick and easy answer!


Thank you!

attemborough Sat, 06/08/2013 - 07:57

Please check the extension of the certificate template in your Windows certificate service.

The Application Policy must have the Server Authentication option.
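The condition named in the warning, as an added example that is not part of the thread and not Cisco or Microsoft code: a minimal DER walk that finds the Extended Key Usage extension and reports whether Server Authentication is missing. The function names are hypothetical, the sample bytes are constructed extension fragments rather than real certificates, and treating a certificate with no EKU extension as unrestricted is an assumption taken from the warning's wording and RFC 5280.

```python
EKU_OID = "2.5.29.37"              # id-ce-extKeyUsage (RFC 5280)
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (definite lengths only)."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + length]
        i += length

def decode_oid(value):
    """Decode OID content bytes (first two arcs in one byte, as in X.509 OIDs)."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def find_eku(buf):
    """Return the EKU purpose OIDs, or None if there is no EKU extension."""
    items = list(tlvs(buf))
    if items and items[0][0] == 0x06 and decode_oid(items[0][1]) == EKU_OID:
        ((_, purposes),) = tlvs(items[-1][1])  # OCTET STRING -> SEQUENCE OF OID
        return [decode_oid(v) for t, v in tlvs(purposes) if t == 0x06]
    for tag, value in items:
        if tag & 0x20 and (found := find_eku(value)) is not None:
            return found  # found inside a constructed element
    return None

def would_warn(der):
    """True when an EKU extension exists but lacks Server Authentication.
    Assumption: a certificate without any EKU extension is not restricted."""
    purposes = find_eku(der)
    return purposes is not None and SERVER_AUTH not in purposes

# Constructed sample Extension encodings (fragments, not full certificates).
CLIENT_ONLY = bytes.fromhex("30130603551d25040c300a06082b06010505070302")
WEB_SERVER = bytes.fromhex("30130603551d25040c300a06082b06010505070301")
KEY_USAGE = bytes.fromhex("300e0603551d0f0101ff0404030205a0")
```

Because `find_eku` descends through every constructed element, the same call works on the DER bytes of a complete certificate, so an enrolled certificate can be checked before it is bound to an interface.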

