Chrome returns error: ERR_SSL_KEY_USAGE_INCOMPATIBLE after swapping out a new self signed certificate
search cancel

Chrome returns error: ERR_SSL_KEY_USAGE_INCOMPATIBLE after swapping out a new self signed certificate

book

Article ID: 366748

calendar_today

Updated On: 04-30-2024

Products

IT Management Suite Client Management Suite

Issue/Introduction

A new Self Signed certificate is used as the NS Website certificate and results in error in Chrome: ERR_SSL_KEY_USAGE_INCOMPATIBLE

It may be possible to use Edge as a workaround for this error.

Cause

Key Usage was designated as KeyEncipherment, DataEncipherment.  This is fine for Server to Agent communication, but not to View the Console.

Certificates created by IIS Manager may have these attributes.

Resolution

We created a new Self Signed Certificate using Powershell with Key Usage = DigitalSignature  This resolved the issue as the certificate is able to be used in the Console and for Agent communications.

Powershell command:

New-SelfSignedCertificate -FriendlyName <serverName> -DnsName <serverName.Domain.Local> -KeyUsage DigitalSignature -CertStoreLocation cert:\LocalMachine\My

This creates a Certificate and puts it in the Local Computer > Personal > Certificates folder. Open up MMC and add Certificates snap-in using the Computer Account to View the newly created Certificate in the Personal folder.

Additional Information

Additional Parameters for New-SelfSignedCertificate command published by Microsoft: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate?view=windowsserver2022-ps