This error indicates that the certificate used to verify a binary with the ''[[:cmd:imgverify]]'' command is not a code-signing certificate. A certificate used for code-signing must include the codeSigning extended key usage.
Things to try:
* Check that your certificate includes the codeSigning extended key usage. For example, to check the certificate ''codesign.crt'': $ openssl x509 -in codesign.crt -noout -text
...
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Extended Key Usage:
Code Signing
...
* Generate a new code-signing certificate including the codeSigning extended key usage. If you are using [[http://www.openssl.org/|OpenSSL]] to generate the certificate, then you need to include the following [[http://www.openssl.org/docs/apps/x509v3_config.html|extensions]]: keyUsage=digitalSignature
extendedKeyUsage=codeSigning
A certificate used for code-signing must also include the digitalSignature key usage.