diff --git a/src/Shared/CertificateGeneration/CertificateManager.cs b/src/Shared/CertificateGeneration/CertificateManager.cs index 17e0d52e4d23..78ea93398cf4 100644 --- a/src/Shared/CertificateGeneration/CertificateManager.cs +++ b/src/Shared/CertificateGeneration/CertificateManager.cs @@ -156,7 +156,7 @@ public X509Certificate2 CreateAspNetCoreHttpsDevelopmentCertificate(DateTimeOffs var sanBuilder = new SubjectAlternativeNameBuilder(); sanBuilder.AddDnsName(LocalhostHttpsDnsName); - var keyUsage = new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true); + var keyUsage = new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, critical: true); var enhancedKeyUsage = new X509EnhancedKeyUsageExtension( new OidCollection() { new Oid( diff --git a/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs b/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs index 5b770a4b04bd..e1849607d3b1 100644 --- a/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs +++ b/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs @@ -75,7 +75,7 @@ public void EnsureCreateHttpsCertificate_CreatesACertificate_WhenThereAreNoHttps httpsCertificate.Extensions.OfType(), e => e is X509KeyUsageExtension keyUsage && keyUsage.Critical == true && - keyUsage.KeyUsages == X509KeyUsageFlags.KeyEncipherment); + keyUsage.KeyUsages == (X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature)); Assert.Contains( httpsCertificate.Extensions.OfType(), @@ -162,7 +162,7 @@ public void EnsureCreateHttpsCertificate2_CreatesACertificate_WhenThereAreNoHttp httpsCertificate.Extensions.OfType(), e => e is X509KeyUsageExtension keyUsage && keyUsage.Critical == true && - keyUsage.KeyUsages == X509KeyUsageFlags.KeyEncipherment); + keyUsage.KeyUsages == (X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature)); Assert.Contains( httpsCertificate.Extensions.OfType(),