From 4cc4495848e5ca7e2bf9277713a44299d8255b79 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Mon, 16 Jul 2018 17:46:19 -0400
Subject: [PATCH] SSL Module - Allow the CA to sign client certs

---
 salt/ssl/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index f475c4758..7f235c6ee 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -26,7 +26,7 @@ m2cryptopkgs:
     - CN: {{ master }}
     - days_remaining: 3000
     - backup: True
-    - keyUsage: "critical keyEncipherment"
+    - keyUsage: "digitalSignature, nonRepudiation"
     - extendedkeyUsage: "serverAuth, clientAuth"
     - managed_private_key:
         name: /etc/pki/filebeat.key