After setting up secure UI communication following the documented procedure from the

Release automation documentation  Secure Communications using a CA signed certificate

instead off a selfsigned certificate ASAP fails to start with the  following error 

"Extended key usage does not permit use for code signing" .

You get this error "Extended key usage does not permit use for code signing" because you signed the 

custom-truststore.jar in step 6 with a certificate which is not enabled for code signing . 

You need to request a certificate from your certificate authority which is enabled for code signing and server identification. 

In some cases the CA does not issue any certificate's which are enabled for code signing and server identification in one certificate.

In that scenario you need to request a seperate certificate for code signing and use this one to sign the custom-truststore.jar in step 6.