New IIS Certifiicate Generates ERR_SSL_KEY_USAGE_INCOMPATIBILE Error
search cancel

New IIS Certifiicate Generates ERR_SSL_KEY_USAGE_INCOMPATIBILE Error

book

Article ID: 391044

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

After using the IIS certificate wizard to generate a new certificate, the console is inaccessible with this error message. 

ERR_SSL_KEY_USAGE_INCOMPATIBILE

Environment

  • Carbon Black Application Control: All Versions

Cause

IIS Wizard generated an invalid certificate

Resolution

  1. Open up powershell as an Administrator.
  2. Run this command to generate a new certificate.
    • Replace YourCertificateName with a unique name. 
    • Replace YourServer with the FQDN of your AppC server.
    • Set the AddYears(N) to how many years you want the certificate to be valid.  
      New-SelfSignedCertificate -FriendlyName YourCertifcateName -DnsName YourServer -KeyUsage DigitalSignature -NotAfter (Get-Date).AddYears(20)
  3. Open a new IIS window.
  4. Select the Server Name > Server Certificates.
  5. Verify the new certificate is listed, if it is not give IIS some time to sync. 
  6. Go to Sites > Parity Web Console > Select "Bindings..." on the right panel.
  7. Click "https" > Edit > Drop down the "SSL Certificate:" and select the new certificate.
  8. Click OK to save.
  9. Restart IIS in the right panel
  10. Attempt to access the console again. 
Powered by Wolken Software