Hi!
I am trying to install orchestrator and on the first step “Orchestrator IIS Settings” get an error “The certificate with subject xxx does not have signing capabilities.”
I am quite new on all of this. Can you please provide me?
Thank you!
1 Like
Thank you! I have already read and re-read and re-read it again for several hours 
But maybe I missed something and don’t see it…
1 Like
Hi @Srini84
I consulted our Orchestrator team and apparently this error shows up because there is a stronger than needed validation of the SSL certificate.
In order to get over the step the certificate needs to have a private key.
1 Like
Thank you! I will check it soon and come back.
1 Like
So, It happen again.
Certificate HAS a private key:
And it installed in the right places.
What else should I check?
@loginerror, @Srini84 Can you help, please? 
Still facing same issue?
I suggest better to raise this concern to Technical team of UiPath
As you have Enterprise License, you can reach Technical support
Thanks
1 Like
@Rekses are you using the updated 20.4.3 installer? It should just give you a warning.
Hello! I use v2020.4.3 installer and it didn’t give me skip this step.
Hi Rekses, I have the same problem and I still can’t find answers, could you find a solution?
1 Like
Hello Brandoescalante, We are still finding. If we solve it I will share be sure 
By the way what have you tried?
Hi,
unfortunately, we are only trying to understand whether it is worth buying this solution, so we only have a trial key.
@Rekses We are facing the same issue. We followed the steps mentioned excatly as it is mentioned in the documentation. So you have company !
What we are currently trying to do:
- Install using uipathorchestrator.msi by using a self-signed certificate
- Replace certificate with our organization trusted certificate
Once Step 1 is done, we will try and update the certificate with our organization Trusted Certificate. This way we hope to avoid the “stronger than needed validation” during the installation stage as @loginerror mentioned. This is however a theory for now!
The challenge is that there is no detailed information about what properties a trusted certificate needs to have for 20.4.3 version which also requires a Identity Server configuration (the ones mentioned in the documentation is surely not enough)
4 Likes
Thank you for reply, guys @brandoescalante. I feel myself much better when I know that not alone 
1 Like
The validation for the SSL or the signing certificates looks for the PrivateKey property of the certificate, which sometimes is empty (although the certificate has a private key). Before installing, you can check from Powershell if this is the case with your certificate.
(gci Cert:\LocalMachine\My\your_cert_thumbprint).PrivateKey
If the result is empty, then you may try the workaround suggested above - install with a self signed certificate, then switch to your CA certificate. Create the certificate with from Powershell, and then add it to the Trusted Root store.
New-SelfSignedCertificate -DnsName your.host -subject MyCert -KeySpec KeyExchange
For SSL, just switch the certifcate in the IIS binding.
For the Identity certificate, change the thumbprint in the configuration as described here and set permissions as described here.
2 Likes
An update.
Step 1 worked well as we assumed and got access to the orchestrator.
However Step 2 is not so straight forward. We have tried what @vlad_rpa mentioned before calling it a day yesterday. No success yet.
Will keep this thread updated, when we find a solution.
sonaliaggarwal47
Aditya_Nalawade11
Lynn_Song
ashokkarale
Anil_G
arivu96
sharazkm32