05-28-2021 09:08 AM - edited 05-28-2021 09:11 AM
3 | May 28 2021 | 12:02:37 | 717009 | Certificate validation failed. Peer certificate key usage is invalid, serial number: (HIDDEN), subject name: CN=(HIDDEN). |
3 | May 28 2021 | 12:02:37 | 717027 | Certificate chain failed validation. Certificate chain is either invalid or not authorized. |
We cannot figure out why these messages are appearing.
We used IPSEC (Offline) MS CA Template.
Made sure Digital Signature was enabled
Tried these two commands:
crypto ca trustpoint
ignore-ipsec-keyusage
Also, the certificate imports successfully in the AnyConnect VPN Client. Then it throws the two codes above; it's giving it a new cert and throwing the same code over and over (loop).
06-01-2021 11:16 AM
Well the issue has been resolved. It was fun while it lasted.
After going round and round I was convinced this had something to do with the CA certificate.
Use the IP security IKE intermediate template (offline); duplicate the template.
Resolution:
In the properties of the IP security IKE intermediate template (offline), look for Extensions, make sure Application Policies is highlighted, click Edit, and make sure Client Authenticate, IP security IKE intermediate and Server Authentication are selected. By default only IP security IKE intermediate is selected; adding Client and Server Authentication fixed the issue.
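
One way to check an issued certificate for the three Application Policies named in the resolution above, plus the Digital Signature key usage from the original question. This is an added example, not part of the original posts: the function names are hypothetical, the OIDs are the standard identifiers for those policies, and the two sample certificates are constructed in memory (this part needs PowerShell 7 or .NET Framework 4.7.2 or later).

```powershell
# Added example: report which required EKUs (Application Policies) a certificate lacks.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Standard EKU OIDs for the three policies selected in the template fix.
$RequiredEku = [ordered]@{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    '1.3.6.1.5.5.8.2.2' = 'IP security IKE intermediate'
}

function Test-VpnCertUsage {   # hypothetical helper name
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $ku  = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $present = @()
    if ($eku) { $present = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $missing = @($RequiredEku.Keys | Where-Object { $_ -notin $present } |
                 ForEach-Object { $RequiredEku[$_] })
    $sig = [bool]($ku -and ($ku.KeyUsages -band [X509KeyUsageFlags]::DigitalSignature))
    [pscustomobject]@{
        Subject          = $Certificate.Subject
        DigitalSignature = $sig
        MissingEku       = $missing
        Pass             = ($sig -and $missing.Count -eq 0)
    }
}

function New-SampleCert {      # builds a constructed, self-signed test certificate
    param([string[]]$EkuOids)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=constructed-sample', $rsa,
               [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add(
        [X509KeyUsageExtension]::new([X509KeyUsageFlags]::DigitalSignature, $true))
    $oids = [OidCollection]::new()
    $EkuOids | ForEach-Object { [void]$oids.Add([Oid]::new($_)) }
    $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

# Template default described above: only IP security IKE intermediate.
Test-VpnCertUsage (New-SampleCert '1.3.6.1.5.5.8.2.2') | Format-List
# After the template change: all three Application Policies.
Test-VpnCertUsage (New-SampleCert @($RequiredEku.Keys)) | Format-List
```

To check a real certificate, load the exported file with `[X509Certificate2]::new('<path-to-cert>')` and pass it to `Test-VpnCertUsage` before importing it into the client.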