Firefox displays SSL Error: SEC_ERROR_INADEQUATE_KEY_USAGE when using self-signed certificate


When using self-signed certificates, and accessing your web contents with the Firefox browser, you may get a strange error message SEC_ERROR_INADEQUATE_KEY_USAGE

This may happen in self hosted instances of YunoHost for example.

Whereas the contents is properly displayed in all other browsers, you cannot add any exception in Firefox and may think there’s an error in the generated certificate.

But the message is misleading. As explained in this thread, this is not a matter of certificate generation but a matter of CA Chain resolution algorithm as implemented by Firefox.

The culprit is in the name of the Certification Authority which matches the name of one of the website for which the certificate has been issued.

There are 2 solutions :

  • Either you can change the Distinguished Name of the CA
  • Or you must add the CA root certificate to the list of trusted CAs within Firefox. Please note that it must be put in the Firefox store; using the Windows computer store for example won’t work. The menu to import the certificate is available by typing “about:preferences#privacy” in the address bar, and using the “view certificates” button.