Quantcast
Channel: Veeam Support Knowledge Base
Viewing all articles
Browse latest Browse all 4362

Veeam ONE Web Client Fails to Load With: ERR_SSL_KEY_USAGE_INCOMPATIBLE

February 4, 2024, 4:00 pm
$
0
0

Veeam ONE Web Client Fails to Load With: ERR_SSL_KEY_USAGE_INCOMPATIBLE

KB ID: 4534
Product: Veeam ONE
Published: 2024-02-05
Last Modified: 2024-02-05

Challenge

When attempting to load the Veeam ONE Web Client website using Chrome, the page fails to load with the error:

This site can't be reached
The webpage at https://<fqdn>:<port>/ might be temporarily down or it may have moved permanently to a new web address.
ERR_SSL_KEY_USAGE_INCOMPATIBLE
Cert Error Example of Error

Cause

This error occurs when the certificate the site uses has KeyUsage values defined, but the value Digital Signature is not specified.

This may occur because the user-provided SSL certificate is missing the Digitial Signature keyusage, or if the self-signed SSL certificate used by either product was reused from an older version.

Veeam ONE

  • In Veeam ONE 11 and older, the self-signed certificate generated by the installer was created with the following:
    KeyUsage: Key Encipherment, Data Encipherment
  • Starting in Veeam ONE 11a, the self-signed certificate generated by the installer is created with:
    KeyUsage: Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment

Solution

To resolve this issue, either force regenerate the Veeam ONE Website self-signed certificate or import a new certificate you've generated, and then assign the new certificate to the site within IIS Manager.

Generate a New "Veeam ONE Website self-signed certificate"

On the machine where the Veeam ONE Web Services component is installed, open an Administrative PowerShell Console and run the following PowerShell script:

Note: The Veeam ONE Web Services are installed on the machine that you connect to when opening the Veeam ONE Web Client.

#Generate Self-Signed Certificate
$params = @{
    DnsName = [System.Net.Dns]::GetHostByName("").HostName, $env:COMPUTERNAME
    CertStoreLocation = "Cert:\LocalMachine\My" 
    FriendlyName = "$(Get-Date -Format 'yyMMdd') Veeam ONE Website self-signed certificate"
    Subject = 'CN=' + [System.Net.Dns]::GetHostByName("").HostName
    TextExtension = @(
        '2.5.29.37={text}1.3.6.1.5.5.7.3.1'
    )
    KeyUsage = @("DigitalSignature","NonRepudiation","KeyEncipherment","DataEncipherment")
    NotAfter = (Get-Date).AddYears(10)
}
$cert = New-SelfSignedCertificate @params

#Add the certificate to the Trusted Root Certification Authorities
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$rootStore.Open('ReadWrite')
$rootStore.Add($cert)
$rootStore.Close()

Assigning the New Certificate to the Site

With a new certificate imported or generated using the steps above, perform the following steps to assign that certificate to the site within IIS Manager.

  1. Open Internet Information Service (IIS) Manager (InetMgr.exe).
  2. Expand the node for the server's name.
  3. Expand the Sites node.
  4. Right-click the VeeamReporter entry, and select Edit Bindings...
Edit Bindings
  1. In the Site Bindings window, double-click the https entry.
edit https
  1. Using the SSL certificate drop-down box, select the new certificate.

    Note: The self-signed certificate generation script on this KB adds a datestamp prefix to the new certificate's name for easy identification:
    "yymmdd Veeam ONE Website self-signed certificate"
select new cert
  1. After selecting the new SSL certificate, click OK to close the https site binding settings, then close the Site Bindings window with the close button.
  2. Right-click the site, and from the Manage Website sub-menu, select Restart.
restart site
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Search
Viewing all articles
Browse latest Browse all 4362

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search