{"id":723,"date":"2012-12-01T00:00:00","date_gmt":"2012-12-01T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/12\/01\/cisco-asa-certificate-based-ipsec-vpn-error-certificate-validation-failed-peer-certificate-key-usage-is-invalid\/"},"modified":"2023-02-24T12:56:39","modified_gmt":"2023-02-24T12:56:39","slug":"cisco-asa-certificate-based-ipsec-vpn-error-certificate-validation-failed-peer-certificate-key-usage-is-invalid","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-certificate-based-ipsec-vpn-error-certificate-validation-failed-peer-certificate-key-usage-is-invalid.html","title":{"rendered":"Cisco ASA ERROR: Certificate validation failed. Peer certificate key usage is invalid"},"content":{"rendered":"
When trying to connect using the Cisco VPN Client with certificate-based authentication, you receive the following error from your debug logs.<\/p>\n
This error can occur if the certificate doesn’t have the digital signature key usage set.<\/p>\n
To resolve this, either:<\/p>\n
crypto ca trustpoint <trustpointname>
\nignore-ipsec-keyusage<\/p>\n","protected":false},"excerpt":{"rendered":"
Error When trying to connect using the Cisco VPN Client with certificate-based authentication, you receive the following error from your debug logs. CRYPTO_PKI: Certificate validation: Failed, status: 1873. Attempting to retrieve revocation status if necessary ERROR: Certificate validation failed. Peer certificate key usage is invalid, serial number: 210F2EDE0000000009AF, subject name: cn=xxxxx,ou=xxxx,o=xxxxx,c=xx CRYPTO_PKI: Certificate not … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"\n