SEC_ERROR_INADEQUATE_KEY_USAGE — Firefox: cert carries a Key Usage extension (keyUsage) but lacks the required bits for server auth. Needed: digitalSignature + keyEncipherment (RSA) or digitalSignature (ECDSA). Or Extended Key Usage (EKU) is missing serverAuth. Fix: reissue via the CA with correct extensions.
Below: causes, fixes, FAQ.
Free online tool — SSL certificate checker: instant results, no signup.
TLS Web Server Authenticationopenssl x509 -in cert.pem -text | grep -A2 "Key Usage"To fix the SEC_ERROR_INADEQUATE_KEY_USAGE error in Firefox, ensure your SSL certificate is configured correctly to meet key usage requirements. Specifically, the certificate must include the 'Digital Signature' and 'Key Encipherment' usages. You can verify this using the OpenSSL command line tool with openssl x509 -in your_certificate.crt -text -noout to check the key usage extensions.
The SEC_ERROR_INADEQUATE_KEY_USAGE error in Firefox occurs when a server's SSL/TLS certificate lacks the appropriate key usage attributes. This error typically arises in environments where strict compliance with security standards is enforced, such as in the EU's GDPR framework. Key usage attributes define the purposes for which a certificate's public key can be used, and if these are misconfigured, clients like Firefox will reject the connection.
Key usage attributes are defined in the X.509 standard, which is widely used for SSL/TLS certificates. The main usages relevant for web servers include:
When any of these usages are improperly set or missing, users may encounter the SEC_ERROR_INADEQUATE_KEY_USAGE error when trying to access secured websites.
To resolve the SEC_ERROR_INADEQUATE_KEY_USAGE error, follow these steps to ensure your SSL certificate is properly configured:
openssl x509 -in your_certificate.crt -text -nooutKey Usage and Extended Key Usage fields in the output. Ensure they include Digital Signature and Key Encipherment. Example output:Key Usage: critical, Digital Signature, Key EnciphermentBy following these steps, you can effectively address the SEC_ERROR_INADEQUATE_KEY_USAGE error and improve the security posture of your web applications.
SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.
Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).
Full chain verification: from leaf certificate through intermediates to root CA.
Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.
Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.
SSL certificate monitoring
TLS config audit
HTTPS as ranking factor
customer trust
www and subdomains.Strict-Transport-Security header forces browsers to always use HTTPS.SSL certificate monitoring, check history and alerts 30 days before expiry.
Sign up freeKey Usage — primary: what the cert can do cryptographically (sign, encrypt). EKU — constraining: for which applications it is allowed (server auth, client auth, email, code signing).
RSA: KU=digitalSignature,keyEncipherment + EKU=serverAuth. ECDSA: KU=digitalSignature + EKU=serverAuth.
Yes. In OpenSSL config: <code>keyUsage=digitalSignature,keyEncipherment</code> + <code>extendedKeyUsage=serverAuth</code>.
Firefox historically stricter on KU validation. Chrome also checks but sometimes warns less loudly.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.