Encryption.DecryptRSAUTF8 exception: Object reference not set to an instance of an object.

    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Version Affected:  All


    Error log shows "Encryption.DecryptRSAUTF8 exception: Object reference not set to an instance of an object."

    This can be accompanied by a loss of functionality or the realm may work perfectly but the error still occurs. 

    It should be noted that the more common version of this error DecryptRSAUTF8-exception-Keyset-does-not-exist  can be seen here



    We use the License Cert, as shown in the license info section of the System Info tab to do the encryption/decryption of important values within the Web.Config

    1. Values have been encrypted into the Web.config using License Cert X
    2. The License Cert has been changed to License Cert Y
    3. Most values have been recreated since then and re-encrypted using License Cert Y
    4. There is a remaining value or values that haven't been cleared/re-entered since the change of cert.


    Assuming you've settled on the final cert, you'll need to go an update all of the secure values that we can store in the Web.config

    These are

    1. FbaUser password as set on the Workflow tab
    2. Api Key/Secret as set on the API tab
    3. Oracle and SQL Connection Strings set on the Data tab
    4. Web Service password set on the Data tab
    5. Any other Passwords (such as AD/ADLDS etc) set on the Data tab


    Special Considerations:  

    Please note, just because a value is not currently visible on the data tab, doesn't mean it hasn't previously been set. For example, if you original setup an AD Connection but have now swapped to Web Service instead, the old AD password will still be saved so you'd need to update this and/or blank it out. 



    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.