the Debug Log has a line that says "2/26/2015 11:36:15 AM IsValideCertificate = False".WPP use the Verify() Method of the.Net class System.Security.Cryptography.X509Certificates.X509Certificate2
Unfortunately, this method is not 100% accurate, and may return false negative results. This's why there is an option to ignore Code-Signing certificate errors.
If your certificate is successfully used by your Wsus server to sign packages, it's certainly a good certificate.