cisco asdm - ssl certificate error (server authentication purpose)

lorenzo.baccioli · ‎05-14-2010

hi,

i want to change the self signed certificate with a new certificate from my CA in domain.

i try to install an identity certificate from an certification authority windows 2003 r2,where i put the scep add onprotocol,so i insert value to add new identity certificate trough gui interface, all seems to work and i have my certificate

then i go to advance to ssl settings and for inside and outside certificates i change the self certificate with the new certificate but when i apply this certificate i have prompt with this warning:

[Warning] ssl trust-point ASDM_TrustPoint3 inside

The ID certificate associated with trust point ASDM_TrustPoint3 contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use

what i have to do? change server CA settings? change router settings? change value for certificate request?

Thanks

Lorenzo

Jennifer Halim · ‎05-14-2010

You could be generating the certificate on an incorrect certificate template. Please use web server certificate template for SSL certificate.

lorenzo.baccioli · ‎05-14-2010

i try the manual way, create a cert request and append to a web server certificate through web

then install and all seems to work

but i need to use automatic request, with scep, how i can correct this?

Jennifer Halim · ‎05-14-2010

With automatic request, you would need to check on the Microsoft CA server itself. The template for automatic request should be set to web server certificate.

David Belliveau · ‎09-27-2015

WOW! Thank you so much for this forum. I'm cramming for the 640-554 before november, on the last chapter, and the last thing I need is to be halted with "extracirricular" research. So glad this was a quick and easy answer!

Thank you!

attemborough · ‎06-08-2013

Please check extension of the certificate template in your windows certificate service.

The Application Policy must have Server Authentication option.