diff --git a/certoperations.js b/certoperations.js
index 445977e3..8c96f436 100644
--- a/certoperations.js
+++ b/certoperations.js
@@ -418,6 +418,21 @@ module.exports.CertificateOperations = function (parent) {
             var rootPrivateKey = obj.fileLoad("root-cert-private.key", "utf8");
             r.root = { cert: rootCertificate, key: rootPrivateKey };
             rcount++;
+
+            // Check if the root certificate has the "Certificate Signing (04)" Key usage.
+            // This option is required for newer versions of Intel AMT for CIRA/WS-EVENTS.
+            var xroot = obj.pki.certificateFromPem(rootCertificate);
+            var xext = xroot.getExtension("keyUsage");
+            if ((xext == null) || (xext.keyCertSign !== true)) {
+                // We need to fix this certificate
+                console.log('Fixing root certificate to add signing key usage...');
+                obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public-backup.crt"), rootCertificate);
+                xroot.setExtensions([{ name: "basicConstraints", cA: true }, { name: "subjectKeyIdentifier" }, { name: "keyUsage", keyCertSign: true }]);
+                var xrootPrivateKey = obj.pki.privateKeyFromPem(rootPrivateKey);
+                xroot.sign(xrootPrivateKey, obj.forge.md.sha384.create());
+                r.root.cert = obj.pki.certificateToPem(xroot);
+                try { obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public.crt"), r.root.cert); } catch (ex) { }
+            }
         }
 
         if (args.tlsoffload) {
diff --git a/package.json b/package.json
index 740ee815..fb080e2b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "meshcentral",
-  "version": "0.4.4-a",
+  "version": "0.4.4-b",
   "keywords": [
     "Remote Management",
     "Intel AMT",