08-15-2019 04:58 AM
Hello, in our company we have a DNAC test run.
I also installed an ISE.
Now I am trying to replace the DNAC certificate to build up the connection to ISE.
But uploading the certificate fails with "Certificate do not contain KeyUsage extension".
I took this example for creating my certificate:

req_extensions = v3_req
distinguished_name = req_distinguished_name
default_bits = 4096
default_md = sha512
prompt = no

[req_distinguished_name]
C = <two-letter-country-code>
ST = <state-or-province>
L = <city>
O = <company-name>
OU = MyDivision
CN = FQDN-of-Cisco-DNA-Center-on-GUI-port
emailAddress = responsible-user@mycompany.tld

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = FQDN-of-Cisco-DNA-Center-on-GUI-port
DNS.2 = FQDN-of-Cisco-DNA-Center-on-enterprise-port
DNS.3 = pnpserver.DomainAssignedByDHCPDuringPnP.tld
IP.1 = Enterprise port IP node #1
IP.2 = Enterprise port IP node #2

Does anyone have an idea what is wrong?
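One way to check where the KeyUsage extension named in the error message is present, as an added example that is not part of the original post: it inspects a CSR and two test certificates with `openssl`, one signed without an extension file (`openssl x509 -req` does not copy request extensions unless told to) and one signed with the `v3_req` section applied. The host name, file names and the shortened config are constructed placeholders.

```shell
#!/bin/sh
# Added example: all names and values below are constructed placeholders.

# has_key_usage <req|x509> <pem-file>: exit 0 if the Key Usage extension is present
has_key_usage() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null | grep -q 'X509v3 Key Usage'
}

# build_demo <dir>: create a key, a CSR and two self-signed test certificates
build_demo() {
    d=$1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
default_md = sha256
prompt = no
[req_distinguished_name]
CN = dnac.example.test
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = dnac.example.test
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -keyout "$d/key.pem" -out "$d/csr.pem" 2>/dev/null || return 1
    # Signed without an extension file: the request extensions are not copied
    openssl x509 -req -in "$d/csr.pem" -signkey "$d/key.pem" -days 1 \
        -out "$d/plain.pem" 2>/dev/null || return 1
    # Signed with the v3_req section applied at issuance
    openssl x509 -req -in "$d/csr.pem" -signkey "$d/key.pem" -days 1 \
        -extfile "$d/openssl.cnf" -extensions v3_req \
        -out "$d/with_ext.pem" 2>/dev/null || return 1
}

# report <req|x509> <pem-file>: print whether the extension was found
report() {
    if has_key_usage "$1" "$2"; then echo "$2: Key Usage present"
    else echo "$2: Key Usage MISSING"; fi
}

tmp=$(mktemp -d) && build_demo "$tmp" && {
    report req "$tmp/csr.pem"
    report x509 "$tmp/plain.pem"
    report x509 "$tmp/with_ext.pem"
}
```

Running `has_key_usage x509 <file>` against the certificate returned by the CA shows whether the extension survived issuance before the file is uploaded.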