This error indicates that the certificate used to verify a binary with the ''[[:cmd:imgverify]]'' command is not a signing certificate.  A certificate used for code-signing must include the digitalSignature key usage.

Things to try:

   * Check that your certificate includes the digitalSignature key usage.  For example, to check the certificate ''codesign.crt'':<code>  $ openssl x509 -in codesign.crt -noout -text
  ...
     X509v3 extensions:
          X509v3 Key Usage:
              Digital Signature
          X509v3 Extended Key Usage:
              Code Signing
  ...</code>

  * Generate a new code-signing certificate including the digitalSignature key usage.  If you are using [[http://www.openssl.org/|OpenSSL]] to generate the certificate, then you need to include the following [[http://www.openssl.org/docs/apps/x509v3_config.html|extensions]]:<code>  keyUsage=digitalSignature
  extendedKeyUsage=codeSigning</code>

A certificate used for code-signing must also include the codeSigning extended key usage.