Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RSA key auth error on ASA

Hello,

I am trying to authenticate cisco 851 on ASA 5520 using digital certificates from MS CA. Got this error:

CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2

CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable

CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found

1 ACCEPTED SOLUTION

Accepted Solutions

Re: RSA key auth error on ASA

It looks like EKU(ExtendedKeyUsage) does not match. You can try to disable EKU check by adding the following command under trustpoint config:

ignore-ipsec-keyusage

2 REPLIES

Re: RSA key auth error on ASA

It looks like EKU(ExtendedKeyUsage) does not match. You can try to disable EKU check by adding the following command under trustpoint config:

ignore-ipsec-keyusage

New Member

Re: RSA key auth error on ASA

Thanks!

325
Views
0
Helpful
2
Replies
CreatePlease to create content