BasicConstraintsExtension constraintsExtension = new BasicConstraintsExtension(true,-1); // true indicates this is a CA; -1 means no restriction on path length; 0 or more to set a restriction on max number of certs under this one in the chain
// certificate signing extension
if( keyUsageExtension == null ) { keyUsageExtension = new KeyUsageExtension(); }
keyUsageExtension.set(KeyUsageExtension.KEY_CERTSIGN, true);
// add both
if( certificateExtensions == null ) { certificateExtensions = new CertificateExtensions(); }
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
certificateExtensions.set(constraintsExtension.getExtensionId().toString(), constraintsExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
catch(Exception e) {