IBM Support

How do I fix the SSL exception CWPKI0022E "KeyUsage does not allow digital signatures" in WebSphere Application Server?

Question & Answer


Question

How do I fix the SSL exception CWPKI0022E "KeyUsage does not allow digital signatures" in WebSphere Application Server?

WSX509TrustMa E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=LDAP.ibm.com, OU=websphere, O=ibm.com" was sent from target host:port " ldap://LDAP.IBM.COM:636 The signer may need to be added to local trust store "/opt/was80/AppServer/etc/LDAPServerTrustFile.jks" located in SSL configuration alias "LDAPCERT" loaded from SSL configuration file "security.xml". The extended error message from the SSL handshake exception is: "KeyUsage does not allow digital signatures".


[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"SSL","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

More support for:
WebSphere Application Server

Software version:
All Versions

Operating system(s):
AIX, Linux, Windows

Document number:
3380067

Modified date:
03 March 2025

UID

ibm13380067

Manage My Notification Subscriptions