certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(caCert));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
subjectKeyWriter.getSubjectKeyIdentifier(clientKeyPair, extensions));
certGen.addExtension(X509Extensions.ExtendedKeyUsage, false,
new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
// Add an alternate name if provided
if (alternateName != null) {
GeneralName name = new GeneralName(GeneralName.uniformResourceIdentifier,
"CN=" + alternateName);