diff --git a/javascript/src/utilities/signingUtilities.js b/javascript/src/utilities/signingUtilities.js
index 00d08544476fa4765696064f42de291a01811ad2..29628d93ecf2675c39112d34df802f75414b465c 100644
--- a/javascript/src/utilities/signingUtilities.js
+++ b/javascript/src/utilities/signingUtilities.js
@@ -61,7 +61,9 @@ const KEY_USAGE_LeafCertificate =
   KEY_USAGE_KeyEncipherment |
   KEY_USAGE_DataEncipherment;
 const KEY_USAGE_CertificateAuthority =
-  KEY_USAGE_DigitalSignature | KEY_USAGE_KeyCertSign | KEY_USAGE_CRLSign;
+  KEY_USAGE_DigitalSignature |
+  KEY_USAGE_KeyCertSign |
+  KEY_USAGE_CRLSign;
 
 const OID_EXT_KEY_USAGE_Any = "2.5.29.37.0";
 const OID_ID_PKIX_ServerAuth = "1.3.6.1.5.5.7.3.1";
@@ -612,9 +614,18 @@ function createCertificate(certData, issuerData = null) {
     //endregion "KeyUsage" extension
 
     //region "ExtKeyUsage" extension
-    if (!certData.isCA && certData.subject.email) {
+    if (!certData.isCA) {
+      const keyPurposes = [];
+      if (certData.subject.url) {
+        keyPurposes.push(OID_ID_PKIX_ServerAuth, OID_ID_PKIX_ClientAuth);
+      }
+      if (certData.subject.email) {
+        keyPurposes.push(OID_ID_PKIX_EmailProtection);
+      }
+      keyPurposes.push(OID_ID_PKIX_TimeStamping);
+
       const extKeyUsage = new pkijs.ExtKeyUsage({
-        keyPurposes: [OID_ID_PKIX_EmailProtection]
+        keyPurposes: keyPurposes
       });
 
       certificate.extensions.push(
@@ -678,6 +689,8 @@ function createCertificate(certData, issuerData = null) {
     );
     //endregion "SubjectKeyIdentifier" extension
 
+    //TODO add policy
+
     /* COULD NOT GET IT WORKING
         //region "AuthorityKeyIdentifier" extension
         if (issuerData && issuerData.certificate) {
@@ -1530,3 +1543,4 @@ export class ImageData {
 
 //Initialization block
 fixPkijsRDN();
+