Enforce web console fails to load in Google Chrome version 117 and later.
search cancel

Enforce web console fails to load in Google Chrome version 117 and later.

book

Article ID: 281168

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

If the SSL certificate for the Enforce Server, signed by a Trusted Certificate Authority, exhibits incorrect or invalid certificate usage, Google Chrome will not load the Enforce console and will encounter an error, specifically ERR_SSL_KEY_USAGE_INCOMPATIBLE.

Environment

Google Chrome version 117 +

Cause

Chrome 117 has begin enforcing that the key usage extension is set properly on RSA certificates chaining to local roots.

https://support.google.com/chrome/a/answer/10314655?sjid=12210116442877404240-AP#120&zippy=,chrome

Resolution

When generating a certificate, the Certificate Authority (CA) must adhere to the usage extension guidelines set by Google Chrome for SSL certificates.

Workaround is to disable 'RSAKeyUsageForLocalAnchorsEnabled' by modifying below registry.

  1. Go to registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\
  2. Create a REG DWORD 'RSAKeyUsageForLocalAnchorsEnabled' with value 0.
  3. Restart machine.
Powered by Wolken Software