Specify critical flag when creating a temporary certificate
authorTom Hughes <tom@compton.nu>
Sun, 16 Sep 2018 18:39:54 +0000 (19:39 +0100)
committerTom Hughes <tom@compton.nu>
Sun, 16 Sep 2018 19:25:33 +0000 (20:25 +0100)
cookbooks/ssl/resources/certificate.rb

index 7348a6726af6870818233368c501aabd2c5f8b07..bc34ac7b7a26d210acd6a6a2fa22761d83aacc4b 100644 (file)
@@ -64,8 +64,8 @@ action :create do
       email "operations@osmfoundation.org"
       common_name new_resource.domains.first
       subject_alt_name alt_names
-      extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment] },
-                 "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth] }
+      extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true },
+                 "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true }
     end
   end
 end