From: Tom Hughes <tom@compton.nu>
Date: Sun, 16 Sep 2018 18:39:54 +0000 (+0100)
Subject: Specify critical flag when creating a temporary certificate
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/fd2e58d6e98cc5e61567b3ae373fccbbba623482?ds=inline

Specify critical flag when creating a temporary certificate
---

diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb
index 7348a6726..bc34ac7b7 100644
--- a/cookbooks/ssl/resources/certificate.rb
+++ b/cookbooks/ssl/resources/certificate.rb
@@ -64,8 +64,8 @@ action :create do
       email "operations@osmfoundation.org"
       common_name new_resource.domains.first
       subject_alt_name alt_names
-      extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment] },
-                 "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth] }
+      extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true },
+                 "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true }
     end
   end
 end