OIDs for Site-to-Site IPsec


Dear Let’s Encrypt Community,

My problem is not related to any of the usual topics on this site, but it does go more in depth into security with certificates than the web has answers for. So I am asking the experts. What OIDs must be included in a certificate for it to pass the IKEv2 check? I tried to set up a certificate-based IPsec tunnel between two ASAs. The certificates come from MS CS and both ASAs trust the root CA. But the IKEv2 process aborts, because the certificates are not supposed to be used for IKEv2. Now I put numerous hours into researching the required OIDs for the certificates, but I haven’t been able to find anything. What I am asking of you now is if you could tell me the OIDs needed for authenticating an IKEv2 IPsec Site-to-Site.

Best Regards,

Max Maier


Hi @Max_Maier_VIE

This forum is for Let’s Encrypt specific questions.

As you are using a Microsoft Certificate Service certificate, it’s not really fair to ask questions here.

There are generic encryption forums such as https://crypto.stackexchange.com/

The other option is to ask a Cisco-specific forum/support.



Well, you are right. Sorry for bothering you guys. I guess I’ll have to ask real experts.

Best Regards.

