Error "This site can't be reached ... ERR SSL KEY USAGE INCOMPATIBLE" seen in Microsoft Edge or Google Chrome when loading the Web interface for a Waters system - WKB279039

SYMPTOMS

• The following error message appears in Microsoft Edge or Google Chrome when loading the Web interface for a Waters software product:
  • This site can't be reached
  • The webpage at <URL> might be temporarily down or it might have moved permanently to a new web address
  • ERR_SSL_KEY_USAGE_INCOMPATIBLE
• The message does not appear when loading the same Web interface in Mozilla Firefox

ENVIRONMENT

• Web server uses a self-signed certificate for the website
• NuGenesis SDMS
• NuGenesis LMS
• waters_connect
• UNIFI

CAUSE

Google Chrome (as of v115) and Microsoft Edge have implemented a new restriction on self-signed certificates. It will accept self-signed certificates only if the certificate has "DigitalSignature" in its Key Usage property. Many self-signed certificates list only "KeyEncipherment" for their Key Usage property.

FIX or WORKAROUND

1. Preferably, install a certificate from a trusted CA into the Web server.
2. If a self-signed certificate must be used, follow the instructions in article wkb200306 for generating the certificate with the proper Key Usage.

ADDITIONAL INFORMATION

Chromium Web browsers have a policy workaround to disable this new behavior. This policy takes the form of a registry key:

• Chrome: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\"RSAKeyUsageForLocalAnchorsEnabled"=dword:00000000
• Edge: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\"RSAKeyUsageForLocalAnchorsEnabled"=dword:00000000

What extensions and details are included in a SSL certificate? (digicert.com)