From 853b6768c41d19b99ad692a865cd3d5cfd53cfd2 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Mon, 16 Jul 2018 12:36:16 -0400
Subject: [PATCH] SSL Module - Allow the CA to sign client certs

---
 salt/ca/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 3d4fe90f4..4cdfff18a 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -25,7 +25,7 @@ pki_private_key:
     - ST: Utah
     - L: Salt Lake City
     - basicConstraints: "critical CA:true"
-    - keyUsage: "critical cRLSign, keyCertSign"
+    - keyUsage: "critical cRLSign, keyCertSign, serverAuth, clientAuth"
     - subjectKeyIdentifier: hash
     - authorityKeyIdentifier: keyid,issuer:always
     - days_valid: 3650