From 839a49de0a1f0907b83469e2a61f699ec1072971 Mon Sep 17 00:00:00 2001
From: Thomas Lynch <tom@69420.me>
Date: Sun, 19 Mar 2023 15:26:55 +1100
Subject: [PATCH] switch up the options for cert generating, still TODO:
 serials

---
 ca.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ca.js b/ca.js
index 9ffac20..e589330 100644
--- a/ca.js
+++ b/ca.js
@@ -63,13 +63,14 @@ function generateCertificate(privateKey, publicKey) {
 	cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10);
 	cert.setSubject(CAAttrs);
 	cert.setIssuer(CAAttrs);
-	cert.setExtensions([
+	cert.setExtensions([	
 		{
 			name: "basicConstraints",
-			cA: false,
+			cA: true,
 		},
 		{
 			name: "keyUsage",
+			keyCertSign: true,
 			digitalSignature: true,
 			nonRepudiation: true,
 			keyEncipherment: true,
@@ -114,11 +115,10 @@ function verifyCSR(csrPem, allowedDomains) {
 	cert.setExtensions([
 		{
 			name: "basicConstraints",
-			cA: true,
+			cA: false,
 		},
 		{
 			name: "keyUsage",
-			keyCertSign: true,
 			digitalSignature: true,
 			nonRepudiation: true,
 			keyEncipherment: true,