ERR_SSL_KEY_USAGE_INCOMPATIBLE default ssl in laragon.


  • | 2501 points

    Does any one know why Chrome version 76, laragon default SSL not work?

    ERR_SSL_KEY_USAGE_INCOMPATIBLE

    this just happens on chrome.
    edge, firefox work okay.


  • administrators
    | 128420 points

    @kaxias : It works for me in Chrome 76.
    If you still have this problem, you can try:

    1. Update the template file (bin\laragon\tpl\openssql.conf), change keyUsage to:
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    
    1. Reload Apache - Laragon will generate new SAN certificate
    2. Click Menu > Apache > SSL > Add laragon.crt to Trust Store

    Hope it helps.

    Ref: https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution


  • | 2501 points

    • Update the template file (bin\laragon\tpl\openssql.conf.tpl and usr\tpl\openssql.conf.tpl), change keyUsage to
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    
    • in ect\ssl remove 3 files with name laragon
    • stop Apache
    • remove old certificate laragon in truster root certification authorities => certificates
    • start apache - Laragon will generate new SAN certificate
    • Click Menu > Apache > SSL > Add laragon.crt to Trust Store

    thank you @leokhoa your suggestion did work well.


  • | 355 points

    This post is deleted!

  • | 2501 points

    1. shutdown laragon application.
    2. find this files (laragon\bin\laragon\tpl\openssql.conf.tpl and laragon\usr\tpl\openssql.conf.tpl)
      in side of files find
    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C  = SG
    ST = Singapore
    L  = Singapore
    O  = Laragon
    OU = IT
    CN = laragon
    
    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment     <------ change here
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = localhost
    
    # You can another DNS below. For example:
    # DNS.2 = xxx
    # DNS.3 = yyy
    

    replace to

    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C  = SG
    ST = Singapore
    L  = Singapore
    O  = Laragon
    OU = IT
    CN = laragon
    
    [v3_req]
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment      <------- for this
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = localhost
    
    # You can another DNS below. For example:
    # DNS.2 = xxx
    # DNS.3 = yyy
    
    1. go to folder laragon\etc\ssl
      3. 1. delete this files
      auto.openssl.conf laragon laragon.csr laragon.key
    2. stat laragon application without start apache
      4.1. go menu -> apache -> SSL-> enabled unmark
      4.2. go menu -> apache -> SSL -> enabled reenabled <--- this will make new files in laragon\etc\ssl
      4.3. close all browser you have open
      4.4. in laragon application go menu -> apache -> SSL -> certificate manager and in certificate manager you go truster root certification authorities => certificates remove old laragon certicate
      4.5. go menu -> apache -> SSL -> add laragon.crt to truster store
    3. start apache

    I hope did help you.


  • | 61 points

    Thanks! Help me so match!


  • | 89 points

    1. stop Apache

    2. open this files and edit:
      laragon\bin\laragon\tpl\openssql.conf.tpl
      laragon\usr\tpl\openssql.conf.tpl
      laragon\etc\ssl\openssql.conf

    3. in all files change "keyUsage= ... " to:
      keyUsage = nonRepudiation, digitalSignature, keyEncipherment

    4. start Apache

    5. Click Menu > Apache > SSL > Add laragon.crt to Trust Store


  • | 471 points

    I Enabled the SSL on laragon, and modified openssl.conf.tpk as mentioned. Followed step by step everything. If i user the normal http:// url I manged to get to the site without a problem. but when I enter the https:// then I get the ERR_SSL_KEY_USAGE_INCOMPATIBLE error.

    The site is running on a VM Server (Windowns Server 2012 R2).

    On the laragon menu a green lock is being displayed next to apache


  • | 116 points

    @kaxias thanks worked for me


  • | 238 points

    @alireza.azami said in ERR_SSL_KEY_USAGE_INCOMPATIBLE default ssl in laragon.:

    1. stop Apache

    2. open this files and edit:
      laragon\bin\laragon\tpl\openssql.conf.tpl
      laragon\usr\tpl\openssql.conf.tpl
      laragon\etc\ssl\openssql.conf

    3. in all files change "keyUsage= ... " to:
      keyUsage = nonRepudiation, digitalSignature, keyEncipherment

    4. start Apache

    5. Click Menu > Apache > SSL > Add laragon.crt to Trust Store

    What @alireza-azami say, it works with Chrome 80, Laragon 4.0.16. Thaks for the tip.


Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.