private static CertificateExtensions getCertificateExtensions(
PublicKey pubKey, PublicKey caPubKey) throws IOException {
CertificateExtensions ext = new CertificateExtensions();
ext.set(SubjectKeyIdentifierExtension.NAME,
new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey)
.getIdentifier()));
ext.set(AuthorityKeyIdentifierExtension.NAME,
new AuthorityKeyIdentifierExtension(
new KeyIdentifier(caPubKey), null, null));
// Basic Constraints
ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
/* isCritical */Boolean.TRUE, /* isCA */false, /* pathLen */5));