
Solving Chrome "ERR_SSL_KEY_USAGE_INCOMPATIBLE"

Learn How to Create a New Self-Signed IIS Certificate

Google Chrome "ERR_SSL_KEY_USAGE_INCOMPATIBLE"

Google Chrome recently rolled out an update that went live for most users this morning. That update adds new security requirements that prevent it from connecting to webservers running on IIS with self-signed SSL certificates with default settings. FrameFlow users who have updated Chrome today and then try to access our interface using their self-signed certificates may encounter the following error:

Error Message about SSL Key

This blog post shows you how to manually create a new self-signed certificate with the settings required by the new version of Chrome. If you're not yet running on IIS, you can follow the steps in our Running FrameFlow on IIS resource to get started.

Solving the Chrome Error

To begin, open PowerShell and run the following command to create a new self-signed certificate. Set the DNS name (-DnsName) to match the hostname of your FrameFlow server, specify the certificate store location (-CertStoreLocation), and make sure that KeyUsage is set to "DigitalSignature".

New-SelfSignedCertificate -FriendlyName FrameFlow -DnsName FrameFlow -CertStoreLocation Cert:\LocalMachine\My -KeyUsage DigitalSignature

PowerShell Command

Next, open IIS Manager and you should find your new self-signed certificate under "Server Certificates". To apply your changes, navigate to the "Sites" folder in the left-hand tree structure of the IIS Manager and find your website. Right-click on it and choose "Edit Bindings".

"Edit Bindings" Option

In the box that pops up, select your site binding and choose "Edit" from the right-hand menu.

Site Bindings Editor

This will open a new window. At the bottom of this window, you'll see a dropdown chooser labeled "SSL Certificate". Use this dropdown to select your certificate. Click "OK" when you're done.

Editing Site Binding

Now, when you go back to Chrome and refresh FrameFlow, you'll be met with the following message. This is because Chrome doesn't automatically trust the new self-signed certificate that you've added.

Chrome Warning

To progress past this warning, click the "Advanced" button on the bottom left to reveal the link to proceed.

Proceeding to FrameFlow
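
To check which certificates in the store carry the DigitalSignature key usage that the New-SelfSignedCertificate step sets, the following added example (not FrameFlow's own code) reads the Key Usage extension of every certificate in Cert:\LocalMachine\My and lists those that have the extension but lack DigitalSignature. The function name Get-KeyUsageReport is a hypothetical helper introduced for this example.

```powershell
# Added example: audit Key Usage on certificates in the local machine store.
# Get-KeyUsageReport is a hypothetical helper name, not part of any product.
function Get-KeyUsageReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $kuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    $sigFlag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        # Pick out the Key Usage extension, if the certificate has one.
        $ku = $cert.Extensions | Where-Object { $_ -is $kuType } | Select-Object -First 1

        if ($null -eq $ku) {
            # No extension present: nothing to compare against.
            $usages = '(no Key Usage extension)'
            $hasSig = $null
        } else {
            $usages = $ku.KeyUsages.ToString()
            $hasSig = $ku.KeyUsages.HasFlag($sigFlag)
        }

        [pscustomobject]@{
            FriendlyName     = $cert.FriendlyName
            Subject          = $cert.Subject
            SelfSigned       = ($cert.Subject -eq $cert.Issuer)
            NotAfter         = $cert.NotAfter
            KeyUsages        = $usages
            DigitalSignature = $hasSig
            Thumbprint       = $cert.Thumbprint
        }
    }
}

# Show certificates whose Key Usage extension is present but omits DigitalSignature.
Get-KeyUsageReport |
    Where-Object { $_.DigitalSignature -eq $false } |
    Format-Table FriendlyName, Subject, SelfSigned, KeyUsages, NotAfter -AutoSize
```

A certificate created with the command in this post should not appear in the filtered output; compare the Thumbprint from the full report with the one selected in the IIS site binding to confirm the site is using the new certificate.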
