Product: ProfileUnity
Product Version: 6.8.4 and above
Expires on: 365 days from publish date
Updated: Feb 08, 2024
Problem:
After an update to a Chromium based browser you cannot access the ProfileUnity Management Console. An ERR_SSL_KEY_USAGE_INCOMPATIBLE error is shown on the page.
The error is given because the certificate requirements have been updated. A digital signature is now needed in the key usage.
Resolution:
If the management console is 6.8.4 R2 (6.8.4.8077) or greater, you can generate a new certificate.
- Backup the current Liquidware Certificate with the private keys.
- Stop the Liquidware Labs ProfileUnity services.
- Delete the current Liquidware Certificate.
- Start the Liquidware Labs ProfileUnity services. A new certificate should be generated that is compliant with the new browser requirements.
If you are on a prior version of ProfileUnity
-
Create a new self-signed certificate and place it in the Local Machine's Personal & Root cert store
-
When creating the certificate, specify DigitalSignature in the Key usage option.
For Example, if you are using PowerShell to generate the new certificate:
New-SelfSignedCertificate -FriendlyName YourServer -DnsName YourServer.YourDomain.X -KeyUsage DigitalSignature -
Export and save the new self-signed cert with the private key
-
Use an older version of a Edge/Chrome or non-chromium based browser, log into the ProU console.
Navigate to Administration > WebServices -
Import the new self-signed cert
-
Note: (If you are on a prior version of ProfileUnity and you do not have access to an older version of of a Edge/Chrome or non-chromium based browser)
You can set the following registry keys/value on the browser machine and then access the management console to import your certificate.[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"RSAKeyUsageForLocalAnchorsEnabled"=dword:00000000