Firefox reports 'sec_error_inadequate_key_usage' when accessing the proxy's SSL-based Virtual Authentication URL

Solution

Overview

After following KB3700, or implementing SSL Interception in a transparent proxy deployment, Firefox users receive a sec_error_inadequate_key_usage browser error.

Cause
Resolution

The reason for the key usage error has to do with the certificates in use on the proxy in this scenario.  After implementing a subordinate CA certificate for SSL interception, Proxy administrators will typically set the same certificate in the Reverse proxy service used for transparently redirected authentication.  While this is okay for Internet Explorer, Firefox (as of version 3.6) provides the above error.

The solution to this issue is to install a Web server certificate (instead of the Subordinate CA certificate used for SSL interception) for use in the SSL Reverse Proxy service. Firefox then accepts the certificate as a valid type when user requests are redirected to the SSL Reverse Proxy service to authenticate.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB5117
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat