'Unable to encrypt data as this certificate is not meant for Encryption' or 'Unable to sign ...'
Originally Published: 2009-05-13
Article Number
Applies To
Issue
"Unable to encrypt data as this certificate is not meant for Encryption"
"Unable to sign as the certificate is not meant for signing or signature verification"
Cause
digitalSignature (0)
nonRepudiation (1)
keyEncipherment (2)
dataEncipherment (3)
keyAgreement (4)
keyCertSign (5)
cRLSign (6)
encipherOnly (7)
decipherOnly (8)
FIM looks for these values:
digitalSignature to enable signing
dataEncipherment to enable encryption
Set the KeyUsage bits for the two uses above to enable all uses in FIM for a given keystore. Hotfixes after FIM 4.0 HF8 and FIM 4.1 HF3 will allow signing and encryption with a keystore if key usage is not set or if bits 0 and 3 are set.
Resolution