This site can't be reached - ERR_SSL_KEY_USAGE_INCOMPATIBLE, when trying to access Merge1 portal

Problem

Merge1 portal is not accessible on any browser, causing the error: This site can't be reached.

Error Message

This site can’t be reached

The webpage at https://<merge1_portal_URL>/ might be temporarily down or it may have moved permanently to a new web address.

ERR_SSL_KEY_USAGE_INCOMPATIBLE

Cause

This error is seen in updated Google Chrome and Microsoft Edge browsers, due to the increase in the browsers' security settings.  The browsers require a digitally signed certificate, however self-signed certificates created in Internet Information Services (IIS) Manager do not contain the Digital Signature value in the Key Usage parameter.

Fig 1. A self-signed certificate created in IIS Manager depicting the missing Digital Signature entry in the Key Usage parameter.

Solution

Using Windows PowerShell to generate the self-signed certificate will work, as this certificate will contain the Digital Signature entry in the Key Usage parameter.

Fig 2. A self-signed certificate created in Windows PowerShell depicting the Digital Signature entry in the Key Usage parameter is present.

The self-signed certificate can be created in Windows PowerShell using the following steps:

1. Open Windows PowerShell on the Merge1 server in Administrator mode.
2. Run the following command to create the new self-signed certificate
   
   New-SelfSignedCertificate -DnsName <servername>.<domain> -CertStoreLocation cert:\LocalMachine\My
   
   

After creating the new self-signed certificate, the Bindings of the certificate will need to be updated in IIS Manager:

1. Open IIS Manager on Merge1 server
2. Navigate to Server-Sites-Merge1 Web Application
3. Select Bindings... in the Actions panel
4. Select https and Edit..
5. Select the newly created SSL certificate
6. Click OK.

Note: A restart of IIS or services is not required.