diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 4cdfff18a..b999b21d4 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -25,7 +25,8 @@ pki_private_key:
     - ST: Utah
     - L: Salt Lake City
     - basicConstraints: "critical CA:true"
-    - keyUsage: "critical cRLSign, keyCertSign, serverAuth, clientAuth"
+    - keyUsage: "critical cRLSign, keyCertSign"
+    - extendedkeyUsage: "serverAuth, clientAuth"
     - subjectKeyIdentifier: hash
     - authorityKeyIdentifier: keyid,issuer:always
     - days_valid: 3650