Resolution:
it indicates that the server's (secureftp.statestreetkc.com) root certificate does not have the "Basic Contraints"   X509 v3 extension such as

X509v3 Basic Constraints: critical
     CA:TRUE


Pl. find the excerpt of section 4.2.1.10 from spec (http://www.ietf.org/rfc/rfc2459.txt) below:

------rfc2459---------
4.2.1.10  Basic Constraints

   The basic constraints extension identifies whether the subject of the
   certificate is a CA and how deep a certification path may exist
   through that CA.

   The pathLenConstraint field is meaningful only if cA is set to TRUE.
   In this case, it gives the maximum number of CA certificates that may
   follow this certificate in a certification path. A value of zero
   indicates that only an end-entity certificate may follow in the path.
   Where it appears, the pathLenConstraint field MUST be greater than or
   equal to zero. Where pathLenConstraint does not appear, there is no
   limit to the allowed length of the certification path.

   This extension MUST appear as a critical extension in all CA
   certificates.  This extension SHOULD NOT appear in end entity
   certificates.

   id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }

   BasicConstraints ::= SEQUENCE {
        cA                      BOOLEAN DEFAULT FALSE,
        pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
----------------------

This extension MUST appears in certificates that sign other leaf certificates.