'Unable to encrypt data as this certificate is not meant for Encryption' or 'Unable to sign ...'
Originally Published: 2009-05-13
Article Number
Applies To
Issue
"Unable to encrypt data as this certificate is not meant for Encryption"
"Unable to sign as the certificate is not meant for signing or signature verification"
Cause
digitalSignature (0)
nonRepudiation (1)
keyEncipherment (2)
dataEncipherment (3)
keyAgreement (4)
keyCertSign (5)
cRLSign (6)
encipherOnly (7)
decipherOnly (8)
FIM looks for these values:
digitalSignature to enable signing
dataEncipherment to enable encryption
Set the KeyUsage bits for the 2 uses above to enable all uses in FIM for a given keystore. Hotfixes after FIM 4.0 HF8 and FIM 4.1 HF3 will allow signing and encryption with a keystore if key usage is not set or if bits 0 and 3 are set
Resolution
Related Articles
FIM - Null pointer exception -'error encrypting the name id unable to encrypt' Number of Views When trying to encrypt a new folder receiving an error: Encryption failed. FSSVC-33097 : Object access denied Number of Views Generic REST AFX Connector does not encrypt Additional Parameters when defined as Encrypted in RSA Identity Governance & L… Number of Views RSA Authenticator 6.2 for Windows Quick Start Guide (Spanish) Number of Views Test connector settings of an Active Directory LDAP AFX Connector configured to use SSL over port 636 fails with 'Failed c… Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
