Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SEC_ERROR_INADEQUATE_KEY_USAGE when accessing the webGUI from Firefox

    Scheduled Pinned Locked Moved webGUI
    23 Posts 9 Posters 27.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      No clue - but what I can tell you happens alot is users say they do X, when they actually do Y... For all we know your hitting the other pfsense via http vs https. Or something silly like that.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      K 1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The Key Usage browser error is almost certainly not SAN-related, but the GUI cert not having the bit set to act as a TLS Web Server (or the browser not seeing it for some reason).

        Either way, generating a new proper cert should work around it.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • K
          kevindd992002 @johnpoz
          last edited by

          @johnpoz said in SEC_ERROR_INADEQUATE_KEY_USAGE when accessing the webGUI from Firefox:

          No clue - but what I can tell you happens alot is users say they do X, when they actually do Y... For all we know your hitting the other pfsense via http vs https. Or something silly like that.

          I totally get that. And this is why I'm providing all screenshots that you need to prove what I'm claiming is true. I'm trying to be as troubleshooting-minded as possible here. And no, I'm accessing both through https. There'a nothing silly going on here because this is not really my first time handling pfsense but this issue isn't really familiar.

          Anyway, I'll juet recreate the cert and be done with it.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            The main reason that's the first step is because that's all we can really do. If the browser doesn't like an old certificate, but it does like a new one, then all you can do is generate a new one. We can't retroactively fix old certs, but when we find out about new/better defaults, we can fix the default cert code to comply for new certs.

            The only actionable thing for us would be if a new GUI cert also failed.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz

              That cert is prob from like 2.2.6 of pfsense or even before, since that is the lastest version of pfsense that was released that could of created that cert. Mar 8, 2016

              JimP would know how many changes have happened with cert creation since that version and now ;)

              Which one of those works and the other doesn't one was in Mar and the other in MAY, so you could have actually quite a bit of difference in pfsense versions that could of created those certs.

              2.2.6 latest that could of created the mar one, but 2.3.1 could of been used to create the may one.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • K
                kevindd992002 @jimp
                last edited by

                @jimp said in SEC_ERROR_INADEQUATE_KEY_USAGE when accessing the webGUI from Firefox:

                We have seen some recent browser updates fail when a non-server cert is used for the GUI. Some non-SAN certs started failing years ago.

                You can make a fresh GUI cert from the console with current best defaults with pfSsh.php playback generateguicert

                Ok, this fixed the issue! Thanks for the help.

                59245887-d428-4b43-8fb4-f0f82473ebdd-image.png

                1 Reply Last reply Reply Quote 0
                • J
                  Jacques
                  last edited by Jacques

                  I am using windows + firefox and also Avast . pfsense is in a VM.
                  I got the same error SEC_ERROR_INADEQUATE_KEY_USAGE
                  Looking at certificats in firefox in Servers tab I found pfsense...
                  This entry should be deleted
                  It was "generated by avast! antivirus for self-signed certificates"

                  1 Reply Last reply Reply Quote 0
                  • M
                    Mohanad
                    last edited by

                    Hi all
                    i have same problem .. but in a different way
                    i have a problem with the ISP and get together and fix it
                    then i restore the last configuration file .. suddenly i can not access the pfsense gui throw https and the openVPN also
                    I try to access from a different PC and it works fine ..
                    Now i can not access to internally or externally .
                    also i am not a high tech person .. i am just a network engineer and a little bit of security .. so i dont know any thing about SSL , certificates
                    SBC.png

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan
                      last edited by

                      Hi,

                      Click on

                      843d4fdc-7408-4ee2-9cf1-fa255668c248-image.png

                      and you see what cert is used by pfSense, what SAN, if the dates are ok, etc.

                      This :

                      @jimp said in SEC_ERROR_INADEQUATE_KEY_USAGE when accessing the webGUI from Firefox:

                      You can make a fresh GUI cert from the console with current best defaults with pfSsh.php playback generateguicert

                      will generate a new cert.
                      Firefox won't trust it at first, but you can overreirde this. because you know that "https://192.168.1" or "https://my-pfsense.my-network.tld" IS your pfSese and not some hacked site.

                      You can also use the console access to reset GUI access, so that http://192.168.1.1 is useable, so you can inspect with the GUI what the issue is.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      M 1 Reply Last reply Reply Quote 0
                      • M
                        Mohanad @Gertjan
                        last edited by Mohanad

                        @Gertjan said in SEC_ERROR_INADEQUATE_KEY_USAGE when accessing the webGUI from Firefox:

                        Hi,

                        Click on

                        843d4fdc-7408-4ee2-9cf1-fa255668c248-image.png

                        and you see what cert is used by pfSense, what SAN, if the dates are ok, etc.

                        The Time is set good .. no problem with it

                        This :

                        @jimp said in SEC_ERROR_INADEQUATE_KEY_USAGE when accessing the webGUI from Firefox:

                        You can make a fresh GUI cert from the console with current best defaults with pfSsh.php playback generateguicert

                        This the point .. How i can generate a new cert and from where
                        Please can you help me

                        will generate a new cert.
                        Firefox won't trust it at first, but you can overreirde this. because you know that "https://192.168.1" or "https://my-pfsense.my-network.tld" IS your pfSese and not some hacked site.

                        You can also use the console access to reset GUI access, so that http://192.168.1.1 is useable, so you can inspect with the GUI what the issue is.

                        I did this when i could not access since first time .. and it works with http

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.