diff --git a/tasks/deployer.yml b/tasks/deployer.yml
index d5e6620..a9d84c6 100644
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
@@ -486,6 +486,9 @@
     organizationName: "{{ config.openssl.certificates[cert].organization.name }}"
     organizationalUnitName: "{{ config.openssl.certificates[cert].organization.unit }}"
     countryName: FI
+    basicConstraints:
+      - CA
+    basic_constraints_critical: true
   loop: "{{ config.openssl.certificates.keys() | list }}"
   loop_control:
     label: "{{ cert }}"
@@ -508,6 +511,9 @@
     stateOrProvinceName: "{{ config.openssl.certificates[cert].location.providence }}"
     localityName: "{{ config.openssl.certificates[cert].location.city }}"
     countryName: FI
+    basicConstraints:
+      - CA
+    basic_constraints_critical: true
   loop: "{{ config.openssl.certificates.keys() | list }}"
   loop_control:
     label: "{{ cert }}"