Article PS030304105 BUG: This certificate does not appear to be valid for the selected purpose. Problem Description Root (self-signed) and other CA certificates created by AspEncrypt (version 2.1.0.2 and earlier), when used for signing other certificates in a CA trust hierarchy, are displayed by Certificate Manager with the following warning: This certificate does not appear to be valid for the selected purpose. Solution The warning is because the BasicConstraints field on the root certificate is incorrect. In order to be acceptable as a CA certificate, it needs to have the "key cert sign" bit set. Microsoft did not enforce the BasicConstraints field until fairly recently and eventually fixed this as part of their recent security push. A patch has been released by Persits Software, Inc. to fix this bug in AspEncrypt. This bug was fixed in version 2.1.0.3 but inadvertently reintroduced in 2.2. The current fixed version is 2.2.0.1 . This is a free upgrade available for downloading at http://www.aspencrypt.com/download.html. Created: 3/4/2003 4:47:17 PM Last Modified: 10/3/2003 2:04:53 PM Copyright © Persits Software, Inc. 1998 - 2018 For technical support, write to support@persits.com.