Cannot login to the management interface using self-signed ECDSA certificate in SSL/TLS profile

19081
Created On 03/27/19 18:06 PM - Last Modified 04/11/24 10:38 AM


Symptom


  • When following the recommendations in the KB article to address the Sweet32 vulnerability:
  • Create a self-signed ECDSA certificate to be assigned to the SSL/TLS profile for the management interface.
  • Check the Certificate Authority box in order to generate a self-signed certificate.
  • Now, when going to the WebUI using the Chrome browser, the following error is seen:
    This site can’t provide a secure connection
    10.73.101.13 uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH


Environment


  • PAN-OS 7.1 and above.
  • Any Palo Alto Firewall.
  • Any Panorama.


Cause


  • ECDSA CA certificates cannot be used as server certificates or as client certificates.
  • A child (leaf) certificate signed by the ECDSA CA is required so that the certificate presented by the management interface contains the X509v3 Extended Key Usage attributes "TLS Web Server Authentication" and "TLS Web Client Authentication".


Resolution


  1. If the Web-UI window is closed, log in using the CLI and revert the config to any previously working one. An example is shown below. If access is not closed, proceed from Step 2.
     admin@FW> configure
     admin@FW# load config version <version #>   => using ? displays the config versions
     admin@FW# commit
     admin@FW# exit
  2. Using the Web-UI, generate a self-signed ECDSA certificate with the Certificate Authority box checked: Device > Certificates > Generate.
  3. Generate a leaf ECDSA certificate signed by the certificate created above: Device > Certificates > Generate.
  4. Add the leaf ECDSA certificate to an SSL/TLS Service Profile; that profile should have Min Version set to TLSv1.2. This can be done under Device > Certificate Management > SSL/TLS Service Profile.
  5. Assign that SSL/TLS Service Profile under Device > Setup > Management tab > General Settings.
  6. Commit the configuration.
  7. Login access should work fine after the commit.
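The same two-certificate chain the steps above build in the GUI, reproduced with OpenSSL as an added example (not code from the article or from Palo Alto Networks) so the leaf's Extended Key Usage can be confirmed before it is imported into the SSL/TLS Service Profile. File names, subject names and the 365-day validity are constructed for this example; 10.73.101.13 is the management address from the symptom above.

```shell
#!/bin/sh
# Added example: self-signed ECDSA CA plus a CA-signed leaf that carries the
# serverAuth/clientAuth EKUs the KB's Cause section requires. Names are constructed.
set -eu

make_ecdsa_chain() {
  dir="$1"
  mkdir -p "$dir"
  # Minimal req config: the DN comes from -subj, the v3_ca section marks the CA.
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  # Self-signed ECDSA (P-256) CA: what "Generate" with the CA box checked produces.
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key"
  openssl req -new -x509 -key "$dir/ca.key" -out "$dir/ca.crt" -days 365 \
    -config "$dir/req.cnf" -extensions v3_ca -subj "/CN=mgmt-ecdsa-ca"
  # Leaf key and CSR for the management interface (constructed subject).
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/leaf.key"
  openssl req -new -key "$dir/leaf.key" -out "$dir/leaf.csr" \
    -config "$dir/req.cnf" -subj "/CN=10.73.101.13"
  # Sign the leaf with the CA, adding the EKUs the KB says the server cert must carry.
  cat > "$dir/leaf.ext" <<'EOF'
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = IP:10.73.101.13
EOF
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -out "$dir/leaf.crt" -days 365 -extfile "$dir/leaf.ext"
}

# Prints "yes" when the certificate carries the TLS Web Server Authentication EKU.
# The CA cert from step 2 answers "no"; only the leaf from step 3 answers "yes".
has_server_auth_eku() {
  if openssl x509 -in "$1" -noout -text | grep -q "TLS Web Server Authentication"; then
    echo yes
  else
    echo no
  fi
}
```

Run `openssl verify -CAfile ca.crt leaf.crt` on the output to confirm the leaf chains to the CA before importing both into Device > Certificates.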

