ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Encryption Management Server does not support certificates that use the RSASSA-PSS signature algorithm


Article ID: 158768


Updated On:


Desktop Email Encryption Encryption Management Server Gateway Email Encryption


When trying to import an X.509 certificate which uses the RSASSA-PSS signature algorithm into Encryption Management Server by logging into the administration console and navigating to Consumers / Users / External Users and clicking on the Add External Users button, the import fails.

The administration console shows this error message:

Import Failed
There was an error importing the external user keys. Please check the Administration logs for further details.

Note that the Administration log does not show any further details.


Symantec Encryption Management Server 10.5 and above.


Encryption Management Server does not support X.509 certificates that use RSASSA-PSS.

Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.

To subscribe to notifications about new releases of Encryption Management Server, please see article 142615.

To have your organization added to the list of those that want this Feature Request, please contact technical support.

Note that a similar Feature Request is open for support of RSASSA-PSS with PGP keys. See article 184820 for further details.

Additional Information