https://community.cisco.com/t5/network-security/asa-certificate-errors/m-p/1777582#M496695 <P>I have imported a trusted wildcard certificate to a Cisco ASA 5510, that included the root and internediated CA Certs. </P><P>Everything seems to have gone well but when I run a Nessus Vulnerability scan I receive the following. </P><P><SPAN style="font-size: 8pt;"></SPAN></P><P>|</P><P>|--- *** ERROR:</P><P>|--- *** The issuing certificate is missing the key usage extension,</P><P>|--- *** which is required for all certificates that sign others.</P><P></P><P>&nbsp; </P><P>I have checked the certificates and all appears to be OK.&nbsp; </P><P></P><P>The same Certificates have been deployed to some Servers and are fine when scanned. </P><P></P><P>I have spoken to the CA, they pointed me to other root certificates which I have applied, but I still receive the same error. </P><P></P><P>Any suggestions would be greatly appreciated.&nbsp; </P> Mon, 11 Mar 2019 21:32:36 GMT leach_stuart 2019-03-11T21:32:36Z https://community.cisco.com/t5/network-security/asa-certificate-errors/m-p/1777582#M496695 <P>I have imported a trusted wildcard certificate to a Cisco ASA 5510, that included the root and internediated CA Certs. </P><P>Everything seems to have gone well but when I run a Nessus Vulnerability scan I receive the following. </P><P><SPAN style="font-size: 8pt;"></SPAN></P><P>|</P><P>|--- *** ERROR:</P><P>|--- *** The issuing certificate is missing the key usage extension,</P><P>|--- *** which is required for all certificates that sign others.</P><P></P><P>&nbsp; </P><P>I have checked the certificates and all appears to be OK.&nbsp; </P><P></P><P>The same Certificates have been deployed to some Servers and are fine when scanned. </P><P></P><P>I have spoken to the CA, they pointed me to other root certificates which I have applied, but I still receive the same error. </P><P></P><P>Any suggestions would be greatly appreciated.&nbsp; </P> Mon, 11 Mar 2019 21:32:36 GMT https://community.cisco.com/t5/network-security/asa-certificate-errors/m-p/1777582#M496695 leach_stuart 2019-03-11T21:32:36Z https://community.cisco.com/t5/network-security/asa-certificate-errors/m-p/1777583#M496697 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Do you mind sharing the the certs and your trustpoint settings (show run crypto ca trust)?</P><P>Mind that I do not need RSA keys, just the DER or base64 of identity and subsequent certs.</P><P></P><P>Marcin</P></BODY></HTML> Sat, 01 Oct 2011 08:36:35 GMT https://community.cisco.com/t5/network-security/asa-certificate-errors/m-p/1777583#M496697 Marcin Latosiewicz 2011-10-01T08:36:35Z