This article only applies to GateKeeper On-premise Hub users.
Google Chrome recently rolled out an update. That update adds new security requirements that prevent it from connecting to webservers running on IIS with self-signed SSL certificates with default settings. GateKeeper Hub Admin users who have updated Chrome and then try to access our interface using their self-signed certificates may encounter the following error:
Google Chrome "ERR_SSL_KEY_USAGE_INCOMPATIBLE"
This article shows you how to manually create a new self-signed certificate with the settings required by the new version of Chrome.
Solving the Chrome Error
1. To begin, open PowerShell and run the following command to create a new self-signed certificate.
New-SelfSignedCertificate -FriendlyName GateKeeper.Hub -DnsName gatekeeper -CertStoreLocation Cert:\LocalMachine\My -KeyUsage DigitalSignature
- Set the DNS name to match the hostname of your GateKeeper Hub server
- Specify the certificate location
- Ensure the KeyUsage is set to "DigitalSignature"
Note:
-FriendlyName GateKeeper.Hub: Here, we are using "GateKeeper.Hub" as the friendly name; you can change it if you like.
-DnsName gatekeeper: Here, we are using "gatekeeper" as an example; you need to change it to the hostname of the machine where Hub is running, or to the DNS name set for that machine if you have one.
2. Open IIS Manager and you should find your new self-signed certificate under "Server Certificates." To apply your changes, navigate to the "Sites" folder in the left-hand tree structure of the IIS Manager and find your GateKeeper.Hub.
3. Right-click on it and choose "Edit Bindings," and on the Site Bindings pop-up window, click Edit.
4. Expand the "SSL certificate" drop-down menu, select the newly created NewGateKeeperHub certificate, then click OK.
5. Now, open a Google Chrome browser and attempt to access the GateKeeper Hub dashboard. Chrome will display a warning, because it doesn't instantly recognize the new self-signed certificate you've added. To progress past this warning, click the "Advanced" button on the bottom left to reveal the link to proceed.
6. Click the "Proceed to localhost (unsafe)" link that appears to continue to the GateKeeper Hub dashboard. Done.
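To confirm which certificates in the store from step 1 carry the DigitalSignature key usage before you pick one in IIS, the following check can be run on the Hub server. It is an added example, not GateKeeper's own script; the function name Get-CertKeyUsageReport and the status labels are made up for illustration.

```powershell
# Added example: report the KeyUsage extension of every certificate in the
# machine store used in step 1. Function name and status labels are illustrative.
function Get-CertKeyUsageReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My'   # store used in step 1
    )
    $kuType = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    $needed = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        # A certificate carries at most one KeyUsage extension.
        $ku = $cert.Extensions | Where-Object { $_ -is $kuType } | Select-Object -First 1

        if ($null -eq $ku) {
            # No KeyUsage extension at all: nothing to compare against.
            $status = 'NoKeyUsageExtension'
            $usages = ''
        }
        elseif ($ku.KeyUsages.HasFlag($needed)) {
            $status = 'HasDigitalSignature'
            $usages = $ku.KeyUsages.ToString()
        }
        else {
            # Extension present but DigitalSignature is not among the flags.
            $status = 'MissingDigitalSignature'
            $usages = $ku.KeyUsages.ToString()
        }

        [pscustomobject]@{
            FriendlyName = $cert.FriendlyName
            DnsNames     = ($cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ', '
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            KeyUsages    = $usages
            Status       = $status
        }
    }
}

# List every certificate, grouping the ones that lack DigitalSignature together.
Get-CertKeyUsageReport | Sort-Object Status | Format-Table -AutoSize
```

The Thumbprint and FriendlyName columns help you match the entry shown in the "SSL certificate" drop-down in step 4 to the certificate you created in step 1.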
Reference
https://www.frameflow.com/blog/solving-chrome-err-ssl-key-usage-incompatible/
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.