diff --git a/base/pki/host.sls b/base/pki/host.sls
index 1b4ced3..f464441 100644
--- a/base/pki/host.sls
+++ b/base/pki/host.sls
@@ -38,6 +38,7 @@
 - append
 - sources:
 - /etc/pki/{{ cn }}.crt
+ - /etc/pki/intca.crt
 - /etc/pki/private.key
 - require:
 - file: /etc/pki/chain
diff --git a/base/pki/signing_policies.conf b/base/pki/signing_policies.conf
index 85b94fe..63dec1d 100644
--- a/base/pki/signing_policies.conf
+++ b/base/pki/signing_policies.conf
@@ -11,8 +11,8 @@ x509_signing_policies:
 - ST: Berlin
 - L: Berlin
 - basicConstraints: "critical CA:false"
- - keyUsage: "critical keyEncipherment"
+ - keyUsage: "nonRepudiation, digitalSignature, keyEncipherment"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
- - days_valid: 360
+ - days_valid: 365
 - copypath: /etc/pki/issued_certs/
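Review bot: In `base/pki/host.sls`, the added source `/etc/pki/intca.crt` has no matching requisite in the visible `require` list, which names only `file: /etc/pki/chain`. If the intermediate certificate is written by another state, the append can run before that file exists and fail or leave the bundle without the intermediate, so peers could not build a path to the root. The state continues outside the hunk, so this may already be covered; if not, add a requisite on whichever state delivers the file (for example `- file: /etc/pki/intca.crt`, if that is its ID). Because the bundle also ends with `private.key`, a comment above `sources` noting the intended order (leaf, intermediate, key) and that the target must stay readable by its owner only would help the next editor.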
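Review bot: In `base/pki/signing_policies.conf`, the new `keyUsage` line drops the `critical` flag and adds `nonRepudiation`, which widens what every certificate issued under this policy may be used for. RFC 5280 recommends marking keyUsage critical, and a host certificate normally needs only the bits its TLS key exchange uses. Unless something relies on the non-repudiation bit, I would keep it to `- keyUsage: "critical digitalSignature, keyEncipherment"`. No `extendedKeyUsage` is visible in this hunk (the policy starts above it), so if it is absent, adding one such as `- extendedKeyUsage: serverAuth` would limit the certificates to their intended purpose.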