digitalbazaar / forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
https://digitalbazaar.com/

Unable to create "Sign CRL" extension on certificate #822

Open DiegoGR97 opened 4 years ago

DiegoGR97 commented 4 years ago

Hello! I've been trying to create a self-signed certificate for my organization, since we're developing our own PKI-based internal digital signature system. So far, it has worked great for me. I don't have any trouble setting it as its own issuer, using it to sign any child certificates, and generating PKCS12 files for signing documents with them. My only problem, though, is that I need it to have the same extensions shown in the "intended usage" section of the following root certificate provided to us by a certificate authority (the image is a snippet from the certificate as shown in Adobe Acrobat Reader when consulting a signature's info):

image

The way I'm setting the certificate's extensions is through the following code:

cert.setExtensions([
  {
    name: "basicConstraints",
    cA: true,
  },
  {
    name: "keyUsage",
    keyCertSign: false,
    digitalSignature: true,
    nonRepudiation: false,
    keyEncipherment: true,
    dataEncipherment: false,
  },
  {
    name: "extKeyUsage",
    serverAuth: false,
    clientAuth: true,
    codeSigning: false,
    emailProtection: true,
    timeStamping: false,
  },
]);

But this code will only create the following extension:
image

Do any of you guys know if there's support for creating the "Sign CRL" extension for an X509 certificate with Forge? If not, which code snippet could I change in the node module in order to provide support for such an extension?

jackywxd commented 3 years ago

@DiegoGR97 Try this:

cert.setExtensions([
  {
    name: 'basicConstraints',
    cA: true,
  },
  {
    name: 'keyUsage',
    keyCertSign: true,
    cRLSign: true,
  },
]);
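
An added example, not part of the thread and not Forge's own code: the `keyUsage` flags discussed above are named bits of a DER BIT STRING (RFC 5280), and this plain Node.js sketch encodes and decodes that bit string to show why the first flag set lacks the CA usages while the suggested one carries `keyCertSign` and `cRLSign`. The function names are hypothetical, and it handles only the BIT STRING itself, not the surrounding extension wrapper.

```javascript
// RFC 5280 KeyUsage named-bit order (bit 0 is the MSB of the first byte).
const KEY_USAGE_BITS = [
  'digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment',
  'keyAgreement', 'keyCertSign', 'cRLSign', 'encipherOnly', 'decipherOnly',
];

// DER-encode a flags object ({ cRLSign: true, ... }) as the KeyUsage BIT STRING.
function encodeKeyUsage(flags) {
  let last = -1;
  KEY_USAGE_BITS.forEach((name, i) => { if (flags[name]) last = i; });
  if (last < 0) return Buffer.from([0x03, 0x01, 0x00]); // empty bit string
  const bytes = new Uint8Array(Math.floor(last / 8) + 1);
  KEY_USAGE_BITS.forEach((name, i) => {
    if (flags[name]) bytes[i >> 3] |= 0x80 >> (i & 7);
  });
  const unused = 7 - (last & 7); // DER: trailing zero bits are not encoded
  return Buffer.from([0x03, bytes.length + 1, unused, ...bytes]);
}

// Decode the BIT STRING back into the list of asserted usage names.
function decodeKeyUsage(der) {
  if (der.length < 3 || der[0] !== 0x03 || der[1] !== der.length - 2) {
    throw new Error('not a short-form DER BIT STRING');
  }
  const unused = der[2];
  const content = der.subarray(3);
  if (unused > 7 || (content.length === 0 && unused !== 0)) {
    throw new Error('bad unused-bits count');
  }
  const totalBits = content.length * 8 - unused;
  return KEY_USAGE_BITS.filter((_, i) =>
    i < totalBits && (content[i >> 3] & (0x80 >> (i & 7))) !== 0);
}

// Usages a CA certificate needs in order to sign certificates and CRLs.
function missingCaUsages(der) {
  const present = decodeKeyUsage(der);
  return ['keyCertSign', 'cRLSign'].filter((u) => !present.includes(u));
}

// Constructed inputs: the two keyUsage flag sets posted in this thread.
const asked = encodeKeyUsage({ keyCertSign: false, digitalSignature: true,
  nonRepudiation: false, keyEncipherment: true, dataEncipherment: false });
const suggested = encodeKeyUsage({ keyCertSign: true, cRLSign: true });
console.log(asked.toString('hex'), missingCaUsages(asked));
console.log(suggested.toString('hex'), missingCaUsages(suggested));
```

The same check can be run against the key usage bytes of any issued certificate to confirm that a root or intermediate actually asserts both CA usages before it is trusted to sign CRLs.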