Fix ERR_SSL_KEY_USAGE_INCOMPATIBLE in 4 Ways

Note that SSL certificates must be renewed periodically

Browsers ยป Chrome

Reading time icon 4 min. read

Calendar icon Updated on

by Claire Moraa 

updated on

Share this article

This article is translated in

Country Flag
Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

err_ssl_key_usage_incompatible
Struggling with various browser issues? Try a better option: Opera OneOver 300 million people use Opera One daily, a fully-fledged navigation experience coming with built-in packages, enhanced resource consumption, and great design.Here's what Opera One provides:
  • Optimize resource usage
  • AI and user-friendly
  • Built-in Ad Blocker
  • โ‡’ Get Opera One

The err_ssl_key_usage_incompatible error in Chrome indicates an issue with the SSL certificate, affecting the secure connection to a website.

This error can arise from various factors, including outdated Chrome versions, incorrect system time, or problematic extensions. No matter the cause, here’s how to fix it:

How do I fix ERR_SSL_KEY_USAGE_INCOMPATIBLE in Chrome? 

1. Update Chrome

  1. Launch your Chrome browser and click the three vertical ellipses in the top right corner.
  2. Click Help, then select About Google Chrome.about google chrome
  3. Check if there is an update available.check for chrome update

2. Disable extensions

  1. Navigate to your browser and in a new tab, enter the following address: chrome://extensions/
  2. Disable extensions one by one until you find the culprit.disable chrome extensions

3. Use incognito mode

  1. Launch your Chrome browser and click the three vertical ellipses in the top right corner.
  2. Select New incognito window.new incognito window in chrome

4. Try another browser

You should run your SSL certificate through its tests on another browser that supports this validation. Because Opera One is a privacy-focused browser, weย suggestย testing it out.

You may handle certificates under Opera One’s Advanced settings and add them as needed. We must also note that Opera is Chromium-based and supports a lot of Chrome’s features and extensions.

So if it gives you fewer headaches than Chrome and you want to make a permanent switch, know that doing it is easy and hassle-free.

Opera

Verify the integrity of your SSL certificates and browse the web in a more secure browser.
Free Download

Other things to try

Create a New Self-Signed Certificate: If using a self-signed certificate, ensure it includes the DigitalSignature parameter. Use PowerShell to generate a new certificate with the correct parameters:

New-SelfSignedCertificate -Type Custom -DnsName "server", "server.domain.local", '192.168.0.1' -KeyUsage "DigitalSignature","KeyEncipherment","KeyAgreement" -KeyAlgorithm RSA -KeyLength 4096 -CertStoreLocation "cert:\\CurrentUser\\My" -FriendlyName "YourCertName" -NotAfter (Get-Date).AddMonths(36) -Subject "YourSubject"

Export and Install the Certificate: After creating the certificate, export it and then install it to the Trusted Root Certification Authorities on your machine. This ensures that Chrome recognizes and trusts the certificate.

Adjust System Time: Ensure your computer’s clock is accurately set, as incorrect time settings can lead to SSL certificate errors.

Check for Chrome pduates: Always keep Chrome updated to the latest version to avoid compatibility issues with SSL certificates.

Why does Chrome say err_ssl_key_usage_incompatible? 

If you see this message, your web browser has detected a problem with the certificate being used by the website. There are several reasons why this might happen:

  • Expired certificate – The most common reason why Chrome says your certificate is invalid is that the certificate has expired. To fix this, simply renew your certificate.
  • Your computer clock is set incorrectly – Your time will determine the validity of your SSL certificate. Chrome checks whether websites’ SSL certificates are still valid by comparing them against system time; if your computer’s clock is off by too much, then all certificates will appear invalid. 
  • An out-of-date version of Chrome – Ensure your computer is running the latest version. If not, install an update or upgrade your device.
  • Third-party extensions – If you have any third-party extensions or programs installed on your computer that might interfere with Chrome’s ability to verify the certificate, temporarily disable them and see if it helps resolve the problem.

How do I update SSL in Chrome? 

The SSL certificate is one of the most important components of any website. It provides a secure connection between your browser and the website youโ€™re trying to reach. 

Without it, your connection is not secure, and anyone who can intercept your data can see what youโ€™re doing on the Internet.

It is why you need to update it if it is expired. Chrome’s certificate auto-update feature is enabled by default, so you shouldn’t need to change any settings. The browser will automatically download and install new certificates as they become available.

However, you can manually check for updates if you still get the error. If that still doesnโ€™t work, uninstall and reinstall the browser and restart your PC.

You can also secure your certificate if Chrome says it’s not valid to ensure your identity is always protected.

If you have additional thoughts on this topic, feel free to leave them below in the comments section.

More about the topics: Chrome, SSL error

Claire Moraa

Claire Moraa Shield

Windows Software Expert

Claire has a knack for solving problems and improving the quality of life for those around her. She's driven by rationality, curiosity, and simplicity, and always eager to learn more about Microsoft's products. With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11, errors, and software.

User forum

0 messages