The captive portal page cannot be opened with an ERR_SSL_KEY_USAGE_INCOMPATIBLE error with chrome.
51882
Created On 11/21/23 08:07 AM - Last Modified 04/19/24 02:30 AM
Symptom
After upgrading Google Chrome to version 119 or later releases, the captive portal (Authentication Portal) page cannot be opened with an ERR_SSL_KEY_USAGE_INCOMPATIBLE error.
Environment
- PA-Series Next-Generation Firewall
- PAN-OS 9.1
- Captive Portal
- Chrome browser
Cause
This is because a Chrome security update added a certificate "Key Usage" check.
Resolution
For permanent solution, set a Captive Portal profile with a server certificate with Key Usage specified:
keyUsage=digitalSignature,keyEncipherment
Additional Information
If Google Chrome version is between 119 and 123, one of the following workarounds is also available.
- Specify the following options when running Chrome.
​chrome.exe --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch
- Create the following registry key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"RSAKeyUsageForLocalAnchorsEnabled"=dword:00000000