Scott,

Does your trustpoint have the key you generated the CSR with defined as follows:

crypto ca trustpoint samplecompany
 enrollment terminal
 fqdn asa.samplecompany.com
 subject-name CN=asa,O=sample.com,C=US,St=California,L=SanFran
 keypair mykeypairname
 ignore-ipsec-keyusage
 ignore-ssl-keyusage
 crl configure

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Scott Granados
Sent: Friday, December 11, 2009 1:12 PM
To: [email protected]
Subject: [c-nsp] ASA 5520,unable to find matching cert with digital key usage

Hi,

I'm getting the following error and I've popped it in to do a search but I'm not finding much and not understanding what I did find.

The background: I am using ASA 5520 hardware. I am trying to create a trust point for certificate based authentication. I create the enrollment request without issue, submit it to our CA server and receive the new cert. I've generated the keys and everything happens error free until I go to import the new cert. I first authenticate the trust point with the CA cert, which seems to be error free, but when I do a

#crypto ca import "trust-point-name" certificate

and paste the cert I receive the "can't find certificate with digital key usage" error. When googling, all it says is to set key options but doesn't explain what that means or what options. What am I missing?

Any pointers would be greatly appreciated.

Thank you
Scott

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
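
Added example, not part of either message above: the reply's question (is the trustpoint's key pair the one the CSR was generated from?) can be checked off-box by comparing the public key in the issued certificate with the one in the CSR. The script also reports whether keyUsage lists digitalSignature, on the assumption that this is what the error's "digital key usage" refers to; the function names, file names and throwaway CA are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: off-box checks on an issued certificate before importing it.

# Succeeds when the certificate carries the same public key as the CSR.
cert_matches_csr() {  # $1 = certificate (PEM), $2 = CSR (PEM)
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  [ "$cert_pub" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

# Succeeds when the certificate's keyUsage extension lists digitalSignature.
has_digital_signature() {  # $1 = certificate (PEM)
  openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' \
    | grep -q 'Digital Signature'
}

# Prints findings; returns 0 only when both checks pass.
precheck() {  # $1 = certificate, $2 = CSR
  rc=0
  cert_matches_csr "$1" "$2" || { echo "FAIL: public key differs from CSR"; rc=1; }
  has_digital_signature "$1" || { echo "FAIL: keyUsage lacks digitalSignature"; rc=1; }
  if [ "$rc" -eq 0 ]; then echo "OK: key matches CSR, digitalSignature present"; fi
  return "$rc"
}

# --- Constructed test material: throwaway CA, two key pairs, three certs ---
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
mk_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }
mk_key "$W/ca.key"; mk_key "$W/asa.key"; mk_key "$W/other.key"
openssl req -x509 -new -key "$W/ca.key" -subj "/CN=Constructed Test CA" \
  -days 1 -out "$W/ca.pem"
openssl req -new -key "$W/asa.key"   -subj "/CN=asa.samplecompany.com" -out "$W/asa.csr"
openssl req -new -key "$W/other.key" -subj "/CN=asa.samplecompany.com" -out "$W/other.csr"
sign() {  # $1 = CSR, $2 = keyUsage value, $3 = output certificate
  printf 'keyUsage = critical, %s\n' "$2" > "$W/ext.cnf"
  openssl x509 -req -in "$1" -CA "$W/ca.pem" -CAkey "$W/ca.key" -CAcreateserial \
    -days 1 -extfile "$W/ext.cnf" -out "$3" 2>/dev/null
}
sign "$W/asa.csr"   "digitalSignature, keyEncipherment" "$W/good.pem"
sign "$W/asa.csr"   "keyEncipherment"                   "$W/nosig.pem"
sign "$W/other.csr" "digitalSignature, keyEncipherment" "$W/wrongkey.pem"

precheck "$W/good.pem"     "$W/asa.csr" || true
precheck "$W/nosig.pem"    "$W/asa.csr" || true
precheck "$W/wrongkey.pem" "$W/asa.csr" || true
```

In practice, pass the certificate returned by the CA and the enrollment request that was submitted to it in place of the constructed files.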
