Access to the Web UI management page fails with ERR_SSL_KEY_USAGE_INCOMPATIBLE

Created On 04/19/24 03:38 AM - Last Modified 01/14/25 22:17 PM


Symptom


With updated versions of the Google Chrome or Microsoft Edge browsers, the Web UI management page of the NGFW cannot be accessed, and the browser shows the "ERR_SSL_KEY_USAGE_INCOMPATIBLE" error message.

Environment


  • Any firewall model
  • Any PAN-OS version
  • Google Chrome version 119 or later releases, or Microsoft Edge
  • An SSL/TLS Service Profile for a custom Server Certificate is selected in [DEVICE > Setup > Management > General Settings]


Cause


This issue is caused by the strict check of the "Key Usage" field in the certificate that the Google Chrome or Microsoft Edge browser performs.

Resolution


  1. Check the Key Usage in the custom Server Certificate to see if the following parameters are configured:
    keyUsage=digitalSignature,keyEncipherment
  2. The SSL/TLS Service Profile configured in General Settings can be deleted via the CLI.
  3. After that, the default certificate will be used for management access. 
    > configure
    # delete deviceconfig system ssl-tls-service-profile
    # commit
    # exit
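
The Key Usage check from step 1, as an added example in Python (not Palo Alto Networks code): it decodes the keyUsage extension from DER bytes and reports which of the two usages listed above are missing. The sample extensions are constructed, and the function names are hypothetical.

```python
# Added example: decode the X.509 keyUsage extension from DER bytes (stdlib only).

KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER encoding of OID 2.5.29.15
# KeyUsage named bits in RFC 5280 order; bit 0 is the most significant bit.
BIT_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]
REQUIRED = {"digitalSignature", "keyEncipherment"}  # values from the article

# Constructed sample extensions (not taken from any real certificate).
EXT_SERVER = bytes.fromhex("300e0603551d0f0101ff0404030205a0")   # sig + keyEnc
EXT_CA_ONLY = bytes.fromhex("300e0603551d0f0101ff040403020106")  # certSign + cRLSign


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def key_usage(der):
    """Return the set of asserted usages, or None if the extension is absent.

    Locates the extension by searching for the OID bytes, a shortcut that is
    adequate for inspection but is not a full certificate parser.
    """
    start = der.find(KEY_USAGE_OID)
    if start < 0:
        return None
    tag, value, pos = read_tlv(der, start + len(KEY_USAGE_OID))
    if tag == 0x01:  # optional "critical" BOOLEAN comes before the value
        tag, value, pos = read_tlv(der, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING after the keyUsage OID")
    tag, bits, _ = read_tlv(value, 0)
    if tag != 0x03 or not bits:
        raise ValueError("expected BIT STRING inside the keyUsage value")
    total = (len(bits) - 1) * 8 - bits[0]  # bits[0] = number of unused bits
    return {BIT_NAMES[i] for i in range(min(total, len(BIT_NAMES)))
            if bits[1 + i // 8] & (0x80 >> (i % 8))}


def missing_usages(der):
    """Usages from the article's list that the certificate does not assert."""
    usages = key_usage(der)
    return set(REQUIRED) if usages is None else REQUIRED - usages
```

To inspect an exported certificate, pass its DER bytes to missing_usages(); a PEM export can be converted first with ssl.PEM_cert_to_DER_cert() from the standard library.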

