ERR_SSL_KEY_USAGE_INCOMPATIBLE when using Self-Signed Certificate with Microsoft Edge

Question

I'm trying to create a Self-Signed Certificate from IIS, then access the Default Web Site using HTTPS

When I try, I'm unable to get past the ERR_SSL_KEY_USAGE_INCOMPATIBLE

I'm using Windows Server 2016

There is no proxy server

This is a single standalone test machine where I'm trying to access the Default Web Site using SSL

https://youtu.be/3PGowNoUn_I

This isn't really a "networking" issue yet

Then plan is to eventually connect from a PC running Windows 10

But first I need to get this working on the Server itself

Answer 1

Hi @jim cook,

The ERR_SSL_KEY_USAGE_INCOMPATIBLE error specifically suggests there is a problem with how the SSL certificate is being used or is recognized by Microsoft Edge, potentially due to a misconfiguration in IIS or an issue with the certificate itself.

You can try removing the Self-Signed Certificate and create a new certificate using PowerShell and a key usage flag of "Digital Signature".

Or you can try the following workaround to resolve this issue:

1. After win+r opens, enter "regedit" and navigate as follows: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge.
2. Create new DWORD entry named:  RSAKeyUsageForLocalAnchorsEnabled
3. Set the value to:  0x00000000 (0)

Note:  Create the above registry location if it does not already exist.

The appropriate solution is for the server certificate to be re-issued with the correct keyUsage bits set.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the email notification for this thread.

Best regards,

Yurong Dai