I'm currently dealing with a problem related to the integration between a Cisco ASA 5510 and an AD Microsoft CA on Windows 2008 R2.
I'm basically trying to enroll the ASA in the CA and get a certificate for the ASA to use for SSL VPNs.
I'm using SCEP enrollment and I've set up NDEP on the Win2008 CA.
Everything seems to be working just fine and I get the certificate, but if I assign it to the interface, first the client receives a warning and then a blank page is shown (everything works just fine with the ASA self-signed certificate).
The problem looks to be related to the purpose of the keys (key usage field), which is not Server authentication.
The certificate is automatically generated using the IPSec (offline) template.
Does anyone know how to get a working certificate?
Instead of doing it via SCEP, I would recommend that you go to http://yourserverip/certsrv, pick the correct template (Web server) and enroll the ASA manually.
Please rate any helpful posts.
Thanks for your answer. I've already tried to export the CSR and use it to get a certificate off-line, but when I submit the CSR to the CA I get an error that says that no template information is contained in the request.
I guess I just have to post the problem to Microsoft. I think anyway that a guide by Cisco like the one for the Win2003 CA would be helpful, though.
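
Added example (not part of the original thread): a shell check, using the `openssl` CLI, of whether a certificate's Extended Key Usage permits TLS server authentication, which is the mismatch the original poster suspects. The sample certificates are constructed and self-signed, the name `asa.example.test` is made up, and using the IKE intermediate OID 1.3.6.1.5.5.8.2.2 to stand in for what the IPSec template issues is an assumption.

```shell
#!/bin/sh
# Added example: does a PEM certificate's Extended Key Usage allow TLS server auth?

# Print the EKU value line of a certificate (empty if the extension is absent).
cert_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' | tail -n +2 | sed 's/^ *//'
}

# Exit 0: usable as a TLS server certificate; 1: EKU excludes it; 2: unreadable.
has_server_auth() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    eku=$(cert_eku "$1")
    # No EKU extension means the certificate is not restricted by this extension.
    [ -z "$eku" ] && return 0
    case "$eku" in
        *"TLS Web Server Authentication"*|*"Any Extended Key Usage"*) return 0 ;;
    esac
    return 1
}

# Constructed sample: self-signed certificate for a made-up name with a given EKU.
make_sample_cert() {  # $1 = output PEM, $2 = extendedKeyUsage value
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days 1 -subj "/CN=asa.example.test" \
        -addext "extendedKeyUsage=$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/web.pem" serverAuth
    # Assumption: the IKE intermediate EKU stands in for the IPSec template.
    make_sample_cert "$dir/ipsec.pem" 1.3.6.1.5.5.8.2.2
    for f in web ipsec; do
        if has_server_auth "$dir/$f.pem"; then verdict="OK for SSL VPN"
        else verdict="no server authentication"; fi
        echo "$f.pem: $(cert_eku "$dir/$f.pem") -> $verdict"
    done
    rm -rf "$dir"
}

demo
```

Running `has_server_auth` against the certificate exported from the ASA shows whether the issued template is the cause before the certificate is bound to the interface.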