builder.build(),
generateSerialNumber(BigInteger.valueOf(KEY_SIZE)),
calBegin.getTime(), calEnd.getTime(), builder.build(),
kp.getPublic());
certGen.addExtension(X509Extension.subjectKeyIdentifier, false,
new SubjectKeyIdentifier(kp.getPublic().getEncoded()));
certGen.addExtension(X509Extension.basicConstraints, false,
new BasicConstraints(0));
// convert the certificate to a standard one
final X509Certificate cert = new JcaX509CertificateConverter()
.setProvider(BouncyCastleProvider.PROVIDER_NAME)