switch up the options for cert generating, still TODO: serials

ca.js

@@ -63,13 +63,14 @@ function generateCertificate(privateKey, publicKey) {
 	cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10);
 	cert.setSubject(CAAttrs);
 	cert.setIssuer(CAAttrs);
-	cert.setExtensions([
+	cert.setExtensions([	
 		{
 			name: "basicConstraints",
-			cA: false,
+			cA: true,
 		},
 		{
 			name: "keyUsage",
+			keyCertSign: true,
 			digitalSignature: true,
 			nonRepudiation: true,
 			keyEncipherment: true,
@@ -114,11 +115,10 @@ function verifyCSR(csrPem, allowedDomains) {
 	cert.setExtensions([
 		{
 			name: "basicConstraints",
-			cA: true,
+			cA: false,
 		},
 		{
 			name: "keyUsage",
-			keyCertSign: true,
 			digitalSignature: true,
 			nonRepudiation: true,
 			keyEncipherment: true,