This can happen if you have a controller that generated the self-signed certificate a long time ago, and kept that during upgrades. Resolution would be to (externally, OpenSSL or so) create a new self-signed certificate and use that for the WebUI. It seems that future versions of ArubaOS may detect this situation and recreate the certificate automatically, but for now either ignore/use chrome, or import your own certificate.
Background is that certificates can have a 'key usage' attribute, like for encryption or authentication, and in the past this attribute was not commonly included when certificates are created, nor it was checked. Apparently chromium started to actually validate the key usage and fails if the attribute is missing at all.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 14, 2024 10:42 PM
From: Nandi Pura Nugraha
Subject: ERR_SSL_KEY_USAGE_INCOMPATIBLE Aruba Controller OS8
Hy guys, I want to ask about the ERR_SSL_KEY_USAGE_INCOMPATIBLE issue when accessing the web ui of the aruba controller OS8 from Chromium-based browsers. has anyone experienced it and what is the solution?
because there is no issue when accessed via FireFox Browser.
Regards,