Firefox reports 'sec_error_inadequate_key_usage' when accessing the proxy's SSL-based Virtual Authentication URL


Article ID: 167700


Updated On:


ProxySG Software - SGOS


After following KB3700, or implementing SSL Interception in a transparent proxy deployment, Firefox users receive a sec_error_inadequate_key_usage browser error.


The reason for the key usage error has to do with the certificates in use on the ProxySG in this scenario. After implementing a subordinate CA certificate for SSL interception, Proxy administrators will typically set the same certificate in the Reverse proxy service used for transparently redirected authentication.  While this is sufficient for both Internet Explorer and Chrome, Firefox (as of version 3.6) will return the above error.

The solution to this issue is to install a Web Server certificate (instead of the Subordinate CA certificate used for SSL interception) for use in the SSL Reverse Proxy service. Firefox then accepts the certificate as a valid type when user requests are redirected to the SSL Reverse Proxy service to authenticate.