Problem with cert in Windows Orchestrator installation

I am trying to install orchestrator and on the first step “Orchestrator IIS Settings” get an error “The certificate with subject xxx does not have signing capabilities.”

I am quite new on all of this. Can you please provide me?
Thank you!

1 Like


Check below documentation

Hope this helps you


Thank you! I have already read and re-read and re-read it again for several hours :innocent: But maybe I missed something and don’t see it…


In this case your network team can help you

If possible share your error screen too


1 Like

Hi @Srini84

I consulted our Orchestrator team and apparently this error shows up because there is a stronger than needed validation of the SSL certificate.

In order to get over the step the certificate needs to have a private key.

1 Like


Check @loginerror reply

Hope it resolves your issue


Thank you! I will check it soon and come back. :innocent:

1 Like

So, It happen again.
Certificate HAS a private key:
And it installed in the right places.
:disappointed_relieved: What else should I check?

@loginerror, @Srini84 Can you help, please? :pray:


Still facing same issue?

I suggest better to raise this concern to Technical team of UiPath

As you have Enterprise License, you can reach Technical support


1 Like

@Rekses are you using the updated 20.4.3 installer? It should just give you a warning.

Hello! I use v2020.4.3 installer and it didn’t give me skip this step.

Hi Rekses, I have the same problem and I still can’t find answers, could you find a solution?

1 Like

Hello Brandoescalante, We are still finding. If we solve it I will share be sure :+1:
By the way what have you tried?

unfortunately, we are only trying to understand whether it is worth buying this solution, so we only have a trial key.

@Rekses We are facing the same issue. We followed the steps mentioned excatly as it is mentioned in the documentation. So you have company !

What we are currently trying to do:

  1. Install using uipathorchestrator.msi by using a self-signed certificate
  2. Replace certificate with our organization trusted certificate

Once Step 1 is done, we will try and update the certificate with our organization Trusted Certificate. This way we hope to avoid the “stronger than needed validation” during the installation stage as @loginerror mentioned. This is however a theory for now!

The challenge is that there is no detailed information about what properties a trusted certificate needs to have for 20.4.3 version which also requires a Identity Server configuration (the ones mentioned in the documentation is surely not enough)


Thank you for reply, guys @brandoescalante. I feel myself much better when I know that not alone :heart_eyes:

1 Like

The validation for the SSL or the signing certificates looks for the PrivateKey property of the certificate, which sometimes is empty (although the certificate has a private key). Before installing, you can check from Powershell if this is the case with your certificate.

(gci Cert:\LocalMachine\My\your_cert_thumbprint).PrivateKey

If the result is empty, then you may try the workaround suggested above - install with a self signed certificate, then switch to your CA certificate. Create the certificate with from Powershell, and then add it to the Trusted Root store.

New-SelfSignedCertificate -DnsName -subject MyCert -KeySpec KeyExchange

For SSL, just switch the certifcate in the IIS binding.
For the Identity certificate, change the thumbprint in the configuration as described here and set permissions as described here.


An update.
Step 1 worked well as we assumed and got access to the orchestrator.
However Step 2 is not so straight forward. We have tried what @vlad_rpa mentioned before calling it a day yesterday. No success yet.

Will keep this thread updated, when we find a solution.