diff --git a/certs/test/cert-ext-ia.cfg b/certs/test/cert-ext-ia.cfg
index 8721916b3..44be1126a 100644
--- a/certs/test/cert-ext-ia.cfg
+++ b/certs/test/cert-ext-ia.cfg
@@ -10,7 +10,7 @@ L = Brisbane
 O = wolfSSL Inc
 OU = Engineering
 CN = www.wolfssl.com
-emailAddress = support@www.wolfsssl.com
+emailAddress = support@wolfsssl.com
 [ v3_ca ]
 inhibitAnyPolicy = critical,1
diff --git a/certs/test/cert-ext-ia.der b/certs/test/cert-ext-ia.der
index 73ea7c0a8..1099fa986 100644
Binary files a/certs/test/cert-ext-ia.der and b/certs/test/cert-ext-ia.der differ
diff --git a/certs/test/cert-ext-nc.cfg b/certs/test/cert-ext-nc.cfg
index b27f3f4fe..9e8ff6be5 100644
--- a/certs/test/cert-ext-nc.cfg
+++ b/certs/test/cert-ext-nc.cfg
@@ -10,9 +10,13 @@ L = Brisbane
 O = wolfSSL Inc
 OU = Engineering
 CN = www.wolfssl.com
-emailAddress = support@www.wolfsssl.com
+emailAddress = support@wolfsssl.com
 [ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 nameConstraints = critical,permitted;email:.wolfssl.com
 nsComment = "Testing name constraints"
diff --git a/certs/test/cert-ext-nc.der b/certs/test/cert-ext-nc.der
index ff944476d..ffb2c1338 100644
Binary files a/certs/test/cert-ext-nc.der and b/certs/test/cert-ext-nc.der differ
diff --git a/certs/test/gen-ext-certs.sh b/certs/test/gen-ext-certs.sh
old mode 100644
new mode 100755
index 20b61e9c9..1d5d9b784
--- a/certs/test/gen-ext-certs.sh
+++ b/certs/test/gen-ext-certs.sh
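Review bot: The replacement subject address in certs/test/cert-ext-ia.cfg still spells the domain `wolfsssl.com` with three s's, while the CN on the line above it and the `permitted;email:.wolfssl.com` subtree in cert-ext-nc.cfg use `wolfssl.com`; the same line recurs in cert-ext-nc.cfg and in both gen-ext-certs.sh hunks. As written, the subject e-mail cannot fall inside the permitted subtree, so if these fixtures are meant to exercise a matching name, the accept path of the constraint check is not being tested. If the mismatch is deliberate, a comment beside it would stop it being "corrected" later, e.g. `# domain intentionally outside the permitted email subtree`. Otherwise the address should use the `wolfssl.com` spelling and the .der files should be regenerated.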
@@ -33,9 +33,13 @@ L = Brisbane
 O = wolfSSL Inc
 OU = Engineering
 CN = www.wolfssl.com
-emailAddress = support@www.wolfsssl.com
+emailAddress = support@wolfsssl.com
 [ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 nameConstraints = critical,permitted;email:.wolfssl.com
 nsComment = "Testing name constraints"
@@ -58,7 +62,7 @@ L = Brisbane
 O = wolfSSL Inc
 OU = Engineering
 CN = www.wolfssl.com
-emailAddress = support@www.wolfsssl.com
+emailAddress = support@wolfsssl.com
 [ v3_ca ]
 inhibitAnyPolicy = critical,1
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index de81d3f35..85cc90a4d 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6363,7 +6363,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
 /* Verify RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate" */
- if (!cert->ca) {
+ if (!cert->isCA) {
 WOLFSSL_MSG("Name constraints allowed only for CA certs");
 return ASN_NAME_INVALID_E;
 }
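Review bot: The `!cert->isCA` test in the name-constraints branch of DecodeCertExtensions is only reliable if basicConstraints has already been decoded when that branch runs, and RFC 5280 does not fix the order of extensions. Assuming `isCA` is filled in while the same extension list is walked (the loop is outside this hunk, so this needs confirming), a CA certificate that lists nameConstraints before basicConstraints would be rejected with ASN_NAME_INVALID_E. The new v3_ca sections in this commit place basicConstraints first, so the regenerated test certificates would not catch that case. Consider recording that the extension was seen and evaluating `if (!cert->isCA)` once after all extensions are parsed, or at least stating the assumption above the check: `/* relies on basicConstraints having been decoded earlier in this pass */`. A fixture combining nameConstraints with `CA:false` would also pin the rejection path.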