cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4484
Views
10
Helpful
5
Replies

cisco asdm - ssl certificate error (server authentication purpose)

hi,

i want to change the self signed certificate with a new certificate from my CA in domain.

i try to install an identity certificate from an certification authority windows 2003 r2,where i put the scep add onprotocol,so i insert value to add new identity certificate trough gui interface, all seems to work and i have my certificate

then i go to advance to ssl settings and for inside and outside certificates  i change the self certificate with the new certificate but when i apply this certificate i have prompt with this warning:

[Warning] ssl trust-point ASDM_TrustPoint3 inside

     The ID certificate associated with trust point ASDM_TrustPoint3 contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use

what i have to do? change server CA settings? change router settings? change value for certificate request?

Thanks

Lorenzo

5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

You could be generating the certificate on an incorrect certificate template. Please use web server certificate template for SSL certificate.

i try the manual way, create a cert request and append to a web server certificate through web

then install and all seems to work

but i need to use automatic request, with scep, how i can correct this?

With automatic request, you would need to check on the Microsoft CA server itself. The template for automatic request should be set to web server certificate.

WOW!  Thank you so much for this forum.  I'm cramming for the 640-554 before november, on the last chapter, and the last thing I need is to be halted with "extracirricular" research.  So glad this was a quick and easy answer!

 

Thank you!

attemborough
Community Member

Please check extension of the certificate template in your windows certificate service.

The Application Policy must have Server Authentication option.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: