Persits Software, Inc. Knowledge Base Articles

BUG: This certificate does not appear to be valid for the selected purpose.

Problem Description

Root (self-signed) and other CA certificates created by AspEncrypt (version 2.1.0.2 and earlier), when used for signing other certificates in a CA trust hierarchy, are displayed by Certificate Manager with the following warning:

This certificate does not appear to be valid for the selected purpose.

Solution

The warning is because the BasicConstraints field on the root certificate is incorrect. In order to be acceptable as a CA certificate, it needs to have the "key cert sign" bit set. Microsoft did not enforce the BasicConstraints field until fairly recently and eventually fixed this as part of their recent security push.

A patch has been released by Persits Software, Inc. to fix this bug in AspEncrypt. This bug was fixed in version 2.1.0.3 but inadvertently reintroduced in 2.2. The current fixed version is 2.2.0.1 . This is a free upgrade available for downloading at http://www.aspencrypt.com/download.html.