Sitecore 9.3 on Windows 11 Pro and SQL Server 2022 with encrypted connection

Recently, I had to install Sitecore 9.3 using Sitecore Install Assistant. Understandably, Sitecore 9.3 is an old version and is meant to run on Windows 10 Pro with SQL Server 2017 as per the install guide. As the combo of Windows 10 Pro and SQL Server 2017 is outdated at this point, I wanted to make the setup run on Windows 11 Pro/SQL Server 2022, since the concerned machine had secure SQL connectivity as needed by Sitecore 10.4.1. Note that there is an old Sitecore Stack Exchange post with regard to Sitecore 9.3 on Windows 11 Pro, and I myself had set up Sitecore 9.3 on Windows 11 Pro, as a result facing/resolving the issues stated in this blog post, but the browser error I faced this time with the Windows 11 Pro and SQL Server 2022 combo was totally new, although the Sitecore installer executed successfully without errors. Also note that I didn't have to adjust the 9.3 xconnect-xp0.json file by passing the TrustServerCertificate parameter, probably because the machine already had an encrypted SQL Server 2022 connection, as highlighted in this blog post of mine. So, with all these as prerequisites, I decided to draft this note.

OS version: 


SQL Server version:


So, once you install a Sitecore 9.3 instance in this environment, the following browser error appears because of a certificate key usage mismatch. In other words, the Sitecore 9.3 certificate's key usage is Data Encipherment (10), while what is expected is Digital Signature, because Sitecore 10.4.x runs on Windows 11 Pro and SQL Server 2022 with the "Digital Signature" key usage. So, the fix was to create new certificates for all roles (cm, identity server and xconnect) and then attach those new certificates to the website roles. Also, ensure that the correct app pool user has permission to the certificates. Furthermore, ensure the new thumbprint is reflected in the necessary locations in the web root config files. After an iisreset, the Sitecore CM instance was accessible without the ERR_SSL_KEY_USAGE_INCOMPATIBLE error.

One-shot PS Script to accomplish all the above tasks:

1. Creates a new certificate (thumbprint) with the correct key usage
2. Binds the new thumbprint/certificate to the IIS site(s)
3. Provides certificate access to the necessary app pool user(s)
4. Finds and replaces the thumbprint in xml/config files in each site webroot
5. Restarts IIS

Run the following PS script after the Sitecore 9.3 installation is successful on Windows 11 Pro running SQL Server 2022 with encrypted connection and then the following browser error will not be encountered.

#######

#######
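The five steps listed above, written out for a single site as an added PowerShell example (not the author's script). The function name `Repair-SiteCertificate`, the web root path, the use of a self-signed certificate and the `IIS AppPool\<name>` identity are assumptions; only the host name `sc930csc.dev.local` comes from this page.

```powershell
#Requires -RunAsAdministrator
# Added example; site name, web root and app pool identity are assumptions.
Import-Module WebAdministration

function Repair-SiteCertificate {
    param(
        [Parameter(Mandatory)] [string] $SiteName,    # IIS site name, also used as the DNS name
        [Parameter(Mandatory)] [string] $WebRoot,     # site physical path
        [Parameter(Mandatory)] [string] $AppPoolName  # pool assumed to run as ApplicationPoolIdentity
    )
    $binding = Get-WebBinding -Name $SiteName -Protocol https | Select-Object -First 1
    if (-not $binding) { throw "No https binding on site '$SiteName'" }
    $oldThumb = $binding.certificateHash

    # 1. New certificate whose key usage includes Digital Signature
    #    (KeyEncipherment is kept alongside it, as the cmdlet does by default).
    $cert = New-SelfSignedCertificate -DnsName $SiteName `
        -CertStoreLocation Cert:\LocalMachine\My `
        -KeyAlgorithm RSA -KeyLength 2048 `
        -KeyUsage DigitalSignature, KeyEncipherment

    # 2. Swap the certificate on the existing https binding.
    if ($oldThumb) { $binding.RemoveSslCertificate() }
    $binding.AddSslCertificate($cert.Thumbprint, 'My')

    # 3. Read access on the private key file (CNG machine key) for the pool identity.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    icacls $keyFile /grant "IIS AppPool\${AppPoolName}:R" | Out-Null

    # 4. Replace the old thumbprint in config/xml files; skipped if none was bound,
    #    because an empty pattern would match everywhere.
    if ($oldThumb) {
        Get-ChildItem -Path $WebRoot -Recurse -File -Include *.config, *.xml |
            Where-Object { Select-String -Path $_.FullName -Pattern $oldThumb -SimpleMatch -Quiet } |
            ForEach-Object {
                $text = [IO.File]::ReadAllText($_.FullName)
                [IO.File]::WriteAllText($_.FullName, ($text -replace $oldThumb, $cert.Thumbprint))
            }
    }
    $cert.Thumbprint   # returned so the caller can log or verify it
}

# Constructed invocation: host name is the one in the browser error; the path is assumed.
Repair-SiteCertificate -SiteName 'sc930csc.dev.local' `
    -WebRoot 'C:\inetpub\wwwroot\sc930csc.dev.local' -AppPoolName 'sc930csc.dev.local'

# 5. Restart IIS once every site has been processed.
iisreset
```

A self-signed certificate still has to be trusted by the client, or be issued from an existing development root, before the browser accepts it; that part is outside this example.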

End-result:

Default Sitecore 9.3 keyusage (before script run):

Demo:


Browser error:

Hmmm… can't reach this page

It looks like the webpage at https://sc930csc.dev.local/sitecore might be having issues, or it may have moved permanently to a new web address.

ERR_SSL_KEY_USAGE_INCOMPATIBLE
