Captive Portal Page does not show up in Mozilla firefox with Error: SEC_ERROR_INADEQUATE_KEY_USAGE

Captive Portal Page does not show up in Mozilla firefox with Error: SEC_ERROR_INADEQUATE_KEY_USAGE

23639
Created On 03/04/20 21:50 PM - Last Modified 09/15/20 03:22 AM


Symptom


  • Cannot open captive portal login page using the latest Firefox browser with Error: SEC_ERROR_INADEQUATE_KEY_USAGE
  • All other browsers including the latest Microsoft Edge and Google Chrome showing on issue bringing up the CP login page
  • Cannot provide the internet access to Captive Portal clients using the latest Firefox browser
  • This happens with or without decryption enabled under the PA-VM firewall  

Environment


  • PA-VM firewalls  under both private and public cloud environment
  • PAN-OS 8.x and 9.x
  • Firefox browser version 73.0.1 (64-bit)
  • Both Windows and Mac OS environment

Cause


  • Firefox browser does not support SSL certificates which are also self-signed root CA. 
  • A self-signed SSL certificate from PA-VM was configured for the Captive Portal redirect. 

Resolution


  • Removed the self-signed SSL certificate from the Captive Portal SSL/TLS Service Profile and replace it with the new SSL certificate chaining to different Root CA. 
  • Import the same Root CA certificate onto Firefox browser (Options>Privacy & Security>Certificates>Import)
            User-added image
  • Edit Trust setting to enable "This certificate can identity websites"
           User-added image
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POvnCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language