I'd say do not use this v8 code prior to ver 8.0.4 :-)
Sadiq Yakasai wrote:
> Just to let you guys know... do not use this version of code on the ASA5510
> with L2L VPN config with RSA-SIG!! It would keep telling you on the debugs
> that:
>
> %ASA-7-717025: Validating certificate chain containing 1 certificate(s).
> %ASA-7-717029: Identified client certificate within certificate chain. serial number: 1FF247D7000000000110, subject name: hostname=R5.ccie.com.
> %ASA-7-717030: Found a suitable trustpoint CCIECA to validate certificate.
> %ASA-3-717009: Certificate validation failed. Peer certificate key usage is invalid, serial number: 1FF247D7000000000110, subject name: hostname=R5.ccie.com.
> %ASA-3-717027: Certificate chain failed validation. Certificate chain is either invalid or not authorized.
> %ASA-5-713904: Group = R5.ccie.com, IP = 150.1.5.5, Peer Certificate authentication failed: General Error
>
> This is all when you have EVERYTHING configured absolutely correct! All I
> did was downgrade the appliance to 7.2(4) and it works!
>
> Does anyone know what's going on here? :-)
Received on Fri May 08 2009 - 13:24:27 ART