How to troubleshoot Error: The Certificate With Subject Does Not Have Signing Capabilities?
Starting 20.4, Orchestrator comes with a lot of new security checks. New restrictions are a part of identity server website which is a part of the new release.
The mentioned error comes if the certificate used during the installation does not have signing capabilities :
Error Message: The Certificate With Subject <Certname> Does Not Have Signing Capabilities.
Below powershell script will return if the certificate used has signing capabilities or not:
certutil -v -store my your_cert_thumbprint |? { $_ -like '*KeySpec*' }
output if signing capability is enabled: KeySpec = 1
output if signing capability is disabled: KeySpec = 0
Solution:
Use the certificate with signing capabilities. The CA or internal security team should provide the certificate with signing capabilities.