'Unable to encrypt data as this certificate is not meant for Encryption' or 'Unable to sign ...'
Originally Published: 2009-05-13
Article Number
Applies To
Issue
"Unable to encrypt data as this certificate is not meant for Encryption"
"Unable to sign as the certificate is not meant for signing or signature verification"
Cause
digitalSignature (0)
nonRepudiation (1)
keyEncipherment (2)
dataEncipherment (3)
keyAgreement (4)
keyCertSign (5)
cRLSign (6)
encipherOnly (7)
decipherOnly (8)
FIM looks for these values:
digitalSignature to enable signing
dataEncipherment to enable encryption
Set the KeyUsage bits for the 2 uses above (digitalSignature and dataEncipherment) to enable all uses in FIM for a given keystore. Hotfixes after FIM 4.0 HF8 and FIM 4.1 HF3 will allow signing and encryption with a keystore if key usage is not set or if bits 0 and 3 are set.
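The check described above, as an added example that is not RSA's or FIM's own code: it decodes the DER BIT STRING carried in a certificate's KeyUsage extension into the bit names listed and reports which FIM operations that certificate would enable. The function names, the `hotfixed` flag, the sample byte strings and the handling of an absent extension before the hotfixes are assumptions made for illustration.

```python
# Added example: names other than the KeyUsage bit names are hypothetical.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def decode_key_usage(der):
    """Decode a DER BIT STRING (the KeyUsage extension value) to bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or length != len(der) - 2 or length < 1:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bits count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        # Bit 0 is the most significant bit of the first payload byte.
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            names.add(name)
    return names


def fim_allowed_uses(key_usage_der, hotfixed=False):
    """Return which FIM operations the keystore certificate can be used for.

    key_usage_der is None when the certificate has no KeyUsage extension.
    Assumption: before the hotfixes an absent extension enables nothing.
    """
    if key_usage_der is None:
        return {"signing": hotfixed, "encryption": hotfixed}
    bits = decode_key_usage(key_usage_der)
    return {
        "signing": "digitalSignature" in bits,
        "encryption": "dataEncipherment" in bits,
    }


# Constructed sample values (not taken from any real certificate).
TLS_STYLE = bytes.fromhex("030205a0")   # digitalSignature + keyEncipherment
FIM_READY = bytes.fromhex("03020490")   # digitalSignature + dataEncipherment

if __name__ == "__main__":
    for label, der in [("tls", TLS_STYLE), ("fim", FIM_READY), ("absent", None)]:
        print(label, fim_allowed_uses(der), fim_allowed_uses(der, hotfixed=True))
```

The `TLS_STYLE` value shows the common case behind the encryption error: a certificate issued with keyEncipherment (bit 2) instead of dataEncipherment (bit 3) can sign but cannot encrypt under the rule above.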
Resolution