MrYousif
Beginner

Cisco Anyconnect SSL Cert VPN Loop

3 May 28 2021 12:02:37 717009 Certificate validation failed. Peer certificate key usage is invalid, serial number: (HIDDEN), subject name: CN=(HIDDEN).

3 May 28 2021 12:02:37 717027 Certificate chain failed validation. Certificate chain is either invalid or not authorized.

We cannot figure out why these messages are appearing.

We used the IPSEC (Offline) MS CA template.

Made sure Digital Signature was enabled.

Tried these two commands:

crypto ca trustpoint
ignore-ipsec-keyusage

Also, the certificate imports successfully in the AnyConnect VPN client. Then it throws the two codes above; it's giving it a new cert and throwing the same code over and over (loop).

Accepted Solutions
MrYousif
Beginner

Well, the issue has been resolved. It was fun while it lasted.

After going round and round I was convinced this had something to do with the CA certificate.

Use the IP security IKE intermediate template (offline); duplicate the template.

Resolution:

In the properties of the IP security IKE intermediate template (offline), look for Extensions, make sure Application Policies is highlighted, click Edit and make sure Client Authentication, IP security IKE intermediate and Server Authentication are selected. By default only IP security IKE intermediate is selected; adding Client and Server Authentication fixed the issue.
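The accepted answer's fix in checkable form, added here and not part of the thread: a script that builds two constructed self-signed certificates with OpenSSL, one with the template's default EKU (IP security IKE intermediate only) and one with Client and Server Authentication added, and checks which of them carries the Digital Signature key usage plus both authentication EKUs. It assumes OpenSSL 1.1.1 or later (for `req -addext`) and that 1.3.6.1.5.5.8.2.2 is the IP security IKE intermediate OID, which the thread does not state.

```shell
#!/bin/sh
# Added example, not from the thread: check whether a PEM certificate has the
# key usage and EKUs the accepted answer's template fix produces.
# Assumes OpenSSL 1.1.1+ (for 'req -addext').

# Return 0 when the cert has the Digital Signature key usage plus both the
# Server Authentication and Client Authentication EKUs; 1 if any is missing.
check_vpn_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    for needed in 'Digital Signature' \
                  'TLS Web Server Authentication' \
                  'TLS Web Client Authentication'; do
        if ! printf '%s\n' "$text" | grep -q "$needed"; then
            echo "$1: missing '$needed'"
            return 1
        fi
    done
    echo "$1: key usage and EKUs OK"
}

# Build a throwaway self-signed cert. $1 = output path, $2 = EKU list for
# OpenSSL. Constructed test data: placeholder CN, 1-day validity.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vpn-test.example" -keyout "$1.key" -out "$1" \
        -addext "keyUsage=digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=$2" 2>/dev/null
}

# 1.3.6.1.5.5.8.2.2 is assumed to be the "IP security IKE intermediate" OID
# (the thread names the EKU but not its OID).
IKE_INTERMEDIATE=1.3.6.1.5.5.8.2.2
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Before: the template's default, IKE intermediate only (fails the check).
make_test_cert "$WORK/ike_only.pem" "$IKE_INTERMEDIATE"
# After: Client and Server Authentication added, as in the resolution.
make_test_cert "$WORK/fixed.pem" "$IKE_INTERMEDIATE,serverAuth,clientAuth"

for c in "$WORK/ike_only.pem" "$WORK/fixed.pem"; do
    check_vpn_cert "$c" || :
done
```

Point `check_vpn_cert` at a certificate exported from the CA to see which of the three attributes a real template is missing before enrolling the ASA or the clients with it.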
