You Have 2 options to fi this error, one is to use a Certificate signed by a trusted CA (LetsEncrypt,Sectio,etc.)
The other option is to generate you own certificate and making sure to apply the correct Key usages.
Software:
- OpenSSL for Windows: Binaries - OpenSSLWiki
Steps:
1. Installation:
- Download and install the latest version of OpenSSL for Windows.
- Extract the downloaded file to a location, e.g.,
C:\OpenSSL.
2. Open Command Prompt:
- Open a command prompt window with administrator privileges.
3. Navigate to the Bin Directory:
- Use the
cdcommand to navigate to the OpenSSLbindirectory, e.g.,cd C:\OpenSSL\bin.
4. Generate Private Key:
- Run the following command, replacing
axelgaard.keywith your desired filename and entering a secure password when prompted:
openssl genrsa -aes256 -out your_key_filename.key 2048
5. Generate Certificate Signing Request (CSR):
- Replace placeholders with your information and desired key usages/extended key usages in the following command:
openssl req -new -key your_key_filename.key -out your_csr_filename.csr -subj "/C=your_country/ST=your_state/L=your_city/O=your_organization/OU=your_unit/CN=your_domain.com" -addext "keyUsage=digitalSignature,keyCertSign,cRLSign,keyEncipherment,dataEncipherment" -addext "extendedKeyUsage=serverAuth,clientAuth"
6. Generate Self-Signed Certificate:
- Run the following command, replacing
your_key_filename,your_csr_filename, andyour_cert_filenamewith your chosen names:
openssl x509 -req -days 3650 -copy_extensions=copyall -in your_csr_filename.csr -signkey your_key_filename.key -out your_cert_filename.crt
7. Verify Certificate:
- Use the following command to view the certificate information and ensure the desired key usages/extended key usages are present:
openssl x509 -in your_cert_filename.crt -text -noout
8. Apply Certificate:
- Follow the specific instructions for your application or server on how to import the generated certificate (e.g.,
your_cert_filename.crt) and private key (e.g.,your_key_filename.key).
9. Distribute Certificate:
- If applicable, distribute the certificate to trusted clients for authentication purposes.