05-14-2010 04:39 AM
hi,
i want to change the self signed certificate with a new certificate from my CA in domain.
i try to install an identity certificate from an certification authority windows 2003 r2,where i put the scep add onprotocol,so i insert value to add new identity certificate trough gui interface, all seems to work and i have my certificate
then i go to advance to ssl settings and for inside and outside certificates i change the self certificate with the new certificate but when i apply this certificate i have prompt with this warning:
[Warning] ssl trust-point ASDM_TrustPoint3 inside
The ID certificate associated with trust point ASDM_TrustPoint3 contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use
what i have to do? change server CA settings? change router settings? change value for certificate request?
Thanks
Lorenzo
05-14-2010 04:48 AM
You could be generating the certificate on an incorrect certificate template. Please use web server certificate template for SSL certificate.
05-14-2010 05:50 AM
i try the manual way, create a cert request and append to a web server certificate through web
then install and all seems to work
but i need to use automatic request, with scep, how i can correct this?
05-14-2010 06:01 AM
With automatic request, you would need to check on the Microsoft CA server itself. The template for automatic request should be set to web server certificate.
09-27-2015 10:42 PM
WOW! Thank you so much for this forum. I'm cramming for the 640-554 before november, on the last chapter, and the last thing I need is to be halted with "extracirricular" research. So glad this was a quick and easy answer!
Thank you!
06-08-2013 07:57 AM
Please check extension of the certificate template in your windows certificate service.
The Application Policy must have Server Authentication option.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: