private static X509Certificate createSignedCertificate(X509Certificate certificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean isLeaf) throws CertificateException, IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { Principal issuer = issuerCertificate.getSubjectDN(); String issuerSigAlg = issuerCertificate.getSigAlgName(); byte[] inCertBytes = certificate.getTBSCertificate(); X509CertInfo info = new X509CertInfo(inCertBytes); info.set(X509CertInfo.ISSUER, issuer); if (!isLeaf) { CertificateExtensions exts = new CertificateExtensions(); BasicConstraintsExtension bce = new BasicConstraintsExtension(true, -1); exts.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(false, bce.getExtensionValue())); info.set(X509CertInfo.EXTENSIONS, exts); } X509CertImpl outCert = new X509CertImpl(info); outCert.sign(issuerPrivateKey, issuerSigAlg); return outCert; }