'Unable to encrypt data as this certificate is not meant for Encryption' or 'Unable to sign ...'
Originally Published: 2009-05-13
Article Number
Applies To
Issue
"Unable to encrypt data as this certificate is not meant for Encryption"
"Unable to sign as the certificate is not meant for signing or signature verification"
Cause
digitalSignature (0)
nonRepudiation (1)
keyEncipherment (2)
dataEncipherment (3)
keyAgreement (4)
keyCertSign (5)
cRLSign (6)
encipherOnly (7)
decipherOnly (8)
FIM looks for these values:
digitalSignature to enable signing
dataEncipherment to enable encryption
Set the KeyUsage bits for the 2 uses above to enable all uses in FIM for a given keystore. Hotfixes after FIM 4.0 HF8 and FIM 4.1 HF3 will allow signing and encryption with a keystore if key usage is not set or if bits 0 and 3 are set
Resolution
Related Articles
FIM - Null pointer exception -'error encrypting the name id unable to encrypt' Number of Views Generic REST AFX Connector does not encrypt Additional Parameters when defined as Encrypted in RSA Identity Governance & L… Number of Views View All Administrators Associated with an Administrative Role Number of Views Run Reports Number of Views Unification fails to identify terminated or deleted users in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
