KeyCertSign is a KeyUsage bit
that is asserted when the Certificate Subject Public Key
is used for verifying Digital Signature
on Public Key certificates
KeyCertSign bit requires the cA bit in the basic constraints extension (RFC 5280 Section 126.96.36.199) MUST also be asserted.
There might be more information for this subject on one of the following: