This article applies to:
- MailMarshal SMTP 10.X
- Installations with first 10.X install/upgrade of 10.0.3 or below
Symptoms:
- Browsing to Management Console with Chrome or Edge
- Browser reports error: ERR_SSL_KEY_USAGE_INCOMPATIBLE
Causes:
- Current versions of the Chromium engine (used by Chrome and Edge) require specific usage flags in the certificate, in particular the "DigitalSignature" flag. Earlier releases of MailMarshal 10.X did not include these flags in the self signed certificates created at time of installation.
Resolution:
To resolve this issue, use a certificate with the expected flags.
- You can use a certificate issued by a public Certificate Authority.
- You can use a self-signed certificate created in Windows Powershell.
Certificate creation in Powershell
To create a certificate in Powershell, run Powershell as administrator.
Use a command similar to the following. This command places the new certificate in the "Personal" store for the local computer.
new-selfsignedcertificate -dnsname "myMMserver" -subject "CN=myMMserver" `
-friendlyname "new-for-myMMserver" -KEYLENGTH 2048 `
-NotAfter $([datetime]::now.AddYears(5)) `
-CERTSTORELOCATION cert:\localmachine\my
For more information about certificate creation options, see the Related Links below.
Binding the Console website
To apply a new certificate, open the IIS Manager on the MailMarshal Array Manager.
- If you need to import a CA signed certificate, see the Server Certificates item on the server root page.
- If you created a certificate with Powershell it will already be present.
To use the certificate:
- From the menu tree at left, expand Sites
- Select the MailMarshal Management Console site. From the right menu click Bindings
- Edit the binding and select your new certificate.
- Click OK.
After replacing the certificate, to ensure a new HTTPS connection you may need to fully close all browser windows and start again.