Cannot Load PAM in Chrome After Updating Ciphers

Article ID: 440127

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

After the TLS 1.2 ciphers were updated to disable certain RSA ciphers, Chrome shows an ERR_SSL_KEY_USAGE_INCOMPATIBLE error when trying to access the PAM UI. How can access to PAM be restored?

Cause

The issue occurs because of the combination of the older TLS_RSA_WITH_AES_* ciphers being enabled and the Key Usage value configured for the certificate in PAM. Chrome has deprecated this, as it is less secure.

Resolution

Log in to PAM through Firefox, then browse to Configuration > Security > Cryptography and enable the following ciphers, which are stronger and supported by Chrome. At the same time, disable the TLS_RSA_WITH_AES_* ciphers, as they are less secure.

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

This configuration change will require a reboot of the PAM appliance, so plan to make the change at a time when users are not currently logged into the UI.
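To confirm before the reboot that the enabled cipher list matches the certificate, the check below (an added example, not part of the original article or of PAM) parses the Key Usage extension from `openssl x509 -noout -text` output and flags every enabled suite whose key exchange needs a bit the certificate lacks, following RFC 5246 section 7.4.2. The sample certificate text, its Key Usage value and the suite list are constructed assumptions; the article does not state the certificate's actual Key Usage.

```python
import re

# Key Usage bit RFC 5246 section 7.4.2 requires of an RSA certificate, per key
# exchange, when the certificate carries a Key Usage extension.
REQUIRED_BIT = {
    "RSA": "Key Encipherment",         # TLS_RSA_WITH_*: premaster secret is RSA-encrypted
    "ECDHE_RSA": "Digital Signature",  # server signs its ephemeral ECDH parameters
    "DHE_RSA": "Digital Signature",
}

# Constructed sample: excerpt of `openssl x509 -noout -text` output.
# The Key Usage value is an assumption, not taken from the article.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
"""
# Constructed list of enabled suites (IANA names) to audit.
ENABLED_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]

def parse_key_usage(cert_text):
    """Return the set of Key Usage names, or None if the extension is absent."""
    m = re.search(r"X509v3 Key Usage:[^\n]*\n\s*([^\n]+)", cert_text)
    return None if m is None else {n.strip() for n in m.group(1).split(",")}

def key_exchange(suite):
    """Extract the key exchange from a TLS 1.2 IANA suite name."""
    m = re.fullmatch(r"TLS_(\w+?)_WITH_\w+", suite)
    if m is None:
        raise ValueError(f"not a TLS 1.2 style suite name: {suite}")
    return m.group(1)

def audit(cert_text, enabled_suites):
    """Map each enabled suite to 'ok' or to the Key Usage bit it is missing."""
    usage = parse_key_usage(cert_text)
    report = {}
    for suite in enabled_suites:
        needed = REQUIRED_BIT.get(key_exchange(suite))
        if needed is None:
            report[suite] = "unknown key exchange"
        elif usage is None or needed in usage:  # no extension: no restriction
            report[suite] = "ok"
        else:
            report[suite] = f"missing {needed}"
    return report

if __name__ == "__main__":
    for suite, verdict in audit(SAMPLE_CERT_TEXT, ENABLED_SUITES).items():
        print(f"{verdict:26} {suite}")
```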