From 54067d544684a2139ffd24f9dbd60c8da67279a7 Mon Sep 17 00:00:00 2001
From: Tim <github@linuxrehab.com>
Date: Tue, 17 Apr 2018 16:25:10 -0700
Subject: [PATCH] Add Key Encipherment bit to Key Usage extension

Google Chrome rejects the certificate for SSL connections if the Key Usage extension does not include the keyEncipherment purpose.
---
 pkg/issuer/ca/issue.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/issuer/ca/issue.go b/pkg/issuer/ca/issue.go
index 105578bf1..1df8e0d2e 100644
--- a/pkg/issuer/ca/issue.go
+++ b/pkg/issuer/ca/issue.go
@@ -110,7 +110,7 @@ func createCertificateTemplate(publicKey interface{}, commonName string, altName
 		NotBefore: time.Now(),
 		NotAfter:  time.Now().Add(certificateDuration),
 		// see http://golang.org/pkg/crypto/x509/#KeyUsage
-		KeyUsage: x509.KeyUsageDigitalSignature,
+		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
 		DNSNames: altNames,
 	}
 	return cert, nil