.NET core web app using SSL – SEC_ERROR_INADEQUATE_KEY_USAGE

If there is problems start a local development server in .net core version 6 web app using SSL. You can disable SSL in the launch profile. When I started a new website today in the local dev I got the error message “SEC_ERROR_INADEQUATE_KEY_USAGE”. I tried to copy the personal certificate in the certificate manager but that didn’t work. So I decided to disable SSL instead. This is how you can disable SSL in the local dev:
1. Right click on project name in solution explorer and select Properties.
2. Select Debug > General.
3. Click on link Open launch profile.
4. In the IIS Express section untick “Use SSL”.
5. Hit F5 to start website without SSL.

use-ssl

Convert SSL certificate to PFX using OpenSSL

If you want to create a password protected PFX file from certificate file and a private key you can use OpenSSL. Follow these steps to create a PFX file.

ssl certificate
  • 1. Download the SSL/TLS tookit from https://www.openssl.org.
  • 2. Run this command in a terminal window:
    “{PATH}\openssl.exe” pkcs12 -export -out “{PATH}\{filename-of-pfx}.pfx” -inkey “{PATH}{filename-of-key}.key” -in “{PATH}{filename-of-certificate}.crt” -certfile {PATH}{filename-of-ca-bundle}.crt
  • 3. Choose a password for the pfx file.
  • 4. Done, the pfx file is now created at specified path.

Error when reading from PFX certificate SSL/TLS

Case
Establish a secure connection to a server. Authentication with certificate.

Error message
The request was aborted: Could not create SSL/TLS secure channel.

  1. Start Microsoft Management Console, either from control panel or by run command “mmc”.
  2. In MMC select File > Add/Remove Snap-In (Ctrl+M).

    mmc add remove snap in
  3. Select Certificates > Add > OK. In next window select Local Computer.

    mmc add certificate
  4. When Certificates is added select Certificates > Personal > Certificates.
  5. You can see all the installed certificates in the window to the right. In order to add a permission right-click on a certificate and select All Tasks > Manage Private Keys.

    mmc manage private keys
  6. Search for user IIS_IUSRS (IIS User) and then add the user. You can configure the permissions like full control, read etc.
    when the user is added.

    mmc add iis user