Fix ERR_SSL_KEY_USAGE_INCOMPATIBLE in 3 Steps

Note that SSL certificates must be renewed periodically

Browsers » Chrome

Reading time icon 4 min. read

Calendar icon Updated on

by Claire Moraa 

updated on

Share this article

This article is translated in

Country Flag
Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

When you encounter the err_ssl_key_usage_incompatible error in Chrome, it indicates an issue with the SSL certificate’s compatibility or configuration, affecting the secure connection to a website. This error can arise from various factors, including outdated Chrome versions, incorrect system time, or problematic extensions.

It may also occur when a certificate is not installed correctly or the computer’s firewall blocks the connection because the Chrome certificate is not trusted. Sometimes, you may be asked to verify where the certificate is from, or you will be stuck indefinitely.

How do I fix ERR_SSL_KEY_USAGE_INCOMPATIBLE in Chrome? 

1. Update Chrome

  1. Launch your Chrome browser and click the three vertical ellipses in the top right corner.
  2. Click Help, then select About Google Chrome.
  3. Check if there is an update available.

2. Disable extensions

  1. Navigate to your browser and in a new tab, enter the following address: chrome://extensions/
  2. Disable extensions one by one until you find the culprit.

3. Use incognito mode

  1. Launch your Chrome browser and click the three vertical ellipses in the top right corner.
  2. Select New incognito window.

Quick Tip:

You should run your SSL certificate through its tests on another browser that supports this validation. Because Opera One is a privacy-focused browser, we suggest testing it out on it as well.

You may handle certificates under Opera One’s Advanced settings and add them as needed. Try out Opera One for a more secure web browsing with it’s free VPN and Ad Blocker.

Opera One

Verify the integrity of your SSL certificates and browse the web in a more secure web.
Free Download Visit website

Additional solutions from research

Create a New Self-Signed Certificate: If using a self-signed certificate, ensure it includes the DigitalSignature parameter. Use PowerShell to generate a new certificate with the correct parameters:

New-SelfSignedCertificate -Type Custom -DnsName "server", "server.domain.local", '192.168.0.1' -KeyUsage "DigitalSignature","KeyEncipherment","KeyAgreement" -KeyAlgorithm RSA -KeyLength 4096 -CertStoreLocation "cert:\\CurrentUser\\My" -FriendlyName "YourCertName" -NotAfter (Get-Date).AddMonths(36) -Subject "YourSubject"

Export and Install the Certificate: After creating the certificate, export it and then install it to the Trusted Root Certification Authorities on your machine. This ensures that Chrome recognizes and trusts the certificate.

Adjust System Time: Ensure your computer’s clock is accurately set, as incorrect time settings can lead to SSL certificate errors.

Check for Chrome pduates: Always keep Chrome updated to the latest version to avoid compatibility issues with SSL certificates.

Why does Chrome say err_ssl_key_usage_incompatible? 

If you see this message, your web browser has detected a problem with the certificate being used by the website. There are several reasons why this might happen:

  • Expired certificate – The most common reason why Chrome says your certificate is invalid is that the certificate has expired. To fix this, simply renew your certificate.
  • Your computer clock is set incorrectly – Your time will determine the validity of your SSL certificate. Chrome checks whether websites’ SSL certificates are still valid by comparing them against system time; if your computer’s clock is off by too much, then all certificates will appear invalid. 
  • An out-of-date version of Chrome – Ensure your computer is running the latest version. If not, install an update or upgrade your device.
  • Third-party extensions – If you have any third-party extensions or programs installed on your computer that might interfere with Chrome’s ability to verify the certificate, temporarily disable them and see if it helps resolve the problem.

How do I update SSL in Chrome? 

The SSL certificate is one of the most important components of any website. It provides a secure connection between your browser and the website you’re trying to reach. 

Without it, your connection is not secure, and anyone who can intercept your data can see what you’re doing on the Internet.

It is why you need to update it if it is expired. Chrome’s certificate auto-update feature is enabled by default, so you shouldn’t need to change any settings. The browser will automatically download and install new certificates as they become available.

However, you can manually check for updates if you still get the error. If that still doesn’t work, uninstall and reinstall the browser and restart your PC.

You can also secure your certificate if Chrome says it’s not valid to ensure your identity is always protected.

If you have additional thoughts on this topic, feel free to leave them below in the comments section.

More about the topics: Chrome, SSL error

Claire Moraa

Claire Moraa Shield

Windows Software Expert

Claire has a knack for solving problems and improving the quality of life for those around her. She's driven by rationality, curiosity, and simplicity, and always eager to learn more about Microsoft's products. With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11, errors, and software.