How to troubleshoot Error: The Certificate With Subject Does Not Have Signing Capabilities?

Starting 20.4, Orchestrator comes with a lot of new security checks. New restrictions are a part of identity server website which is a part of the new release.

The mentioned error comes if the certificate used during the installation does not have signing capabilities :
 Error Message: The Certificate With Subject <Certname> Does Not Have Signing Capabilities.

Below powershell script will return if the certificate used has signing capabilities or not:

certutil -v -store my your_cert_thumbprint |? { $_ -like '*KeySpec*' }

output if signing capability is enabled: KeySpec = 1 
output if signing capability is disabled: KeySpec = 0 

Solution:
Use the certificate with signing capabilities. The CA or internal security team should provide the certificate with signing capabilities.