From fd2e58d6e98cc5e61567b3ae373fccbbba623482 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 16 Sep 2018 19:39:54 +0100
Subject: [PATCH] Specify critical flag when creating a temporary certificate

---
 cookbooks/ssl/resources/certificate.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb
index 7348a6726..bc34ac7b7 100644
--- a/cookbooks/ssl/resources/certificate.rb
+++ b/cookbooks/ssl/resources/certificate.rb
@@ -64,8 +64,8 @@ action :create do
       email "operations@osmfoundation.org"
       common_name new_resource.domains.first
       subject_alt_name alt_names
-      extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment] },
-                 "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth] }
+      extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true },
+                 "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true }
     end
   end
 end
-- 
2.43.2