The captive portal page fails to open in Chrome with an ERR_SSL_KEY_USAGE_INCOMPATIBLE error.

Created On 11/21/23 08:07 AM - Last Modified 04/19/24 02:30 AM


Symptom


After upgrading Google Chrome to version 119 or later, the captive portal (Authentication Portal) page fails to open and Chrome shows an ERR_SSL_KEY_USAGE_INCOMPATIBLE error.

Environment


  • PA-Series Next-Generation Firewall
  • PAN-OS 9.1
  • Captive Portal
  • Chrome browser


Cause


This happens because a Chrome security update added a check on the certificate "Key Usage".

Resolution


For a permanent solution, configure the Captive Portal profile with a server certificate that has Key Usage specified:
keyUsage=digitalSignature,keyEncipherment
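
To confirm that a certificate carries these Key Usage values before assigning it to the Captive Portal profile, a shell check such as the following can be used. It is an added example, not part of the original article or of Palo Alto Networks tooling; it assumes the OpenSSL 1.1.1+ command-line tool, and the function names and the portal.example.test test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a server certificate carries the Key Usage
# values named in the Resolution (digitalSignature, keyEncipherment).

# check_portal_key_usage CERT.pem   (hypothetical helper name)
# returns 0 = both values present, 1 = a required value is missing,
#         2 = no Key Usage extension, 3 = file is not a readable certificate
check_portal_key_usage() {
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then
        echo "$1: cannot be parsed as a PEM certificate"
        return 3
    fi
    # The values are printed on the line after the "X509v3 Key Usage" header.
    ku=$(openssl x509 -in "$1" -noout -text |
         awk '/X509v3 Key Usage/ { getline; print; exit }' |
         sed 's/^[[:space:]]*//')
    if [ -z "$ku" ]; then
        echo "$1: no Key Usage extension"
        return 2
    fi
    rc=0
    for want in "Digital Signature" "Key Encipherment"; do
        case "$ku" in
            *"$want"*) ;;
            *) echo "$1: Key Usage lacks '$want' (has: $ku)"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "$1: OK ($ku)"; fi
    return "$rc"
}

# make_test_cert PREFIX KEYUSAGE: constructed self-signed RSA test
# certificate with a placeholder CN; writes PREFIX.key and PREFIX.crt.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=portal.example.test" -addext "keyUsage=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Demo on constructed certificates: one matching the Resolution, one not.
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/good" "digitalSignature,keyEncipherment"
make_test_cert "$demo_dir/bad" "keyCertSign,cRLSign"
check_portal_key_usage "$demo_dir/good.crt"
check_portal_key_usage "$demo_dir/bad.crt" || true
rm -rf "$demo_dir"
```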


Additional Information


If the Google Chrome version is between 119 and 123, one of the following workarounds is also available.
  1. Specify the following option when running Chrome.
chrome.exe --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch
  2. Create the following registry key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"RSAKeyUsageForLocalAnchorsEnabled"=dword:00000000

