The following error occurs when a certificate has been used for a purpose for which it was not authorized.
pkg install: The certificate whose subject is /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta3/emailAddress=ch1_ta3 could not be verified because it has been used inappropriately. The way it is used means that the value for extension keyUsage must include 'DIGITAL SIGNATURE' but the value was 'Certificate Sign, CRL Sign'.
In this case, the certificate ch1_ta3 has been used to sign the package. The keyUsage extension of the certificate means that the certificate is only valid to sign other certificates and CRLs (Certificate Revocation Lists).