ERR_SSL_KEY_USAGE_INCOMPATIBLE default ssl in laragon.


  • | 2303 points

    Does any one know why Chrome version 76, laragon default SSL not work?

    ERR_SSL_KEY_USAGE_INCOMPATIBLE

    this just happens on chrome.
    edge, firefox work okay.


  • administrators
    | 112754 points

    @kaxias : It works for me in Chrome 76.
    If you still have this problem, you can try:

    1. Update the template file (bin\laragon\tpl\openssql.conf), change keyUsage to:
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    
    1. Reload Apache - Laragon will generate new SAN certificate
    2. Click Menu > Apache > SSL > Add laragon.crt to Trust Store

    Hope it helps.

    Ref: https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution


  • | 2303 points

    • Update the template file (bin\laragon\tpl\openssql.conf.tpl and usr\tpl\openssql.conf.tpl), change keyUsage to
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    
    • in ect\ssl remove 3 files with name laragon
    • stop Apache
    • remove old certificate laragon in truster root certification authorities => certificates
    • start apache - Laragon will generate new SAN certificate
    • Click Menu > Apache > SSL > Add laragon.crt to Trust Store

    thank you @leokhoa your suggestion did work well.


  • | 355 points

    This post is deleted!

  • | 2303 points

    1. shutdown laragon application.
    2. find this files (laragon\bin\laragon\tpl\openssql.conf.tpl and laragon\usr\tpl\openssql.conf.tpl)
      in side of files find
    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C  = SG
    ST = Singapore
    L  = Singapore
    O  = Laragon
    OU = IT
    CN = laragon
    
    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment     <------ change here
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = localhost
    
    # You can another DNS below. For example:
    # DNS.2 = xxx
    # DNS.3 = yyy
    

    replace to

    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C  = SG
    ST = Singapore
    L  = Singapore
    O  = Laragon
    OU = IT
    CN = laragon
    
    [v3_req]
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment      <------- for this
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = localhost
    
    # You can another DNS below. For example:
    # DNS.2 = xxx
    # DNS.3 = yyy
    
    1. go to folder laragon\etc\ssl
      3. 1. delete this files
      auto.openssl.conf laragon laragon.csr laragon.key
    2. stat laragon application without start apache
      4.1. go menu -> apache -> SSL-> enabled unmark
      4.2. go menu -> apache -> SSL -> enabled reenabled <--- this will make new files in laragon\etc\ssl
      4.3. close all browser you have open
      4.4. in laragon application go menu -> apache -> SSL -> certificate manager and in certificate manager you go truster root certification authorities => certificates remove old laragon certicate
      4.5. go menu -> apache -> SSL -> add laragon.crt to truster store
    3. start apache

    I hope did help you.


Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.