diff --git a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md
index 26eae18..b743ac9 100644
--- a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md
+++ b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md
@@ -33,7 +33,7 @@ openssl req -new -key bitwarden.key -out bitwarden.csr
 Create a text file `bitwarden.ext` with the following content, change the domain names to your setup.
 ```
 authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
+basicConstraints=CA:TRUE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 extendedKeyUsage = serverAuth
 subjectAltName = @alt_names
@@ -49,7 +49,9 @@ Create the bitwarden certificate, signed from the root CA:
 ```
 openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext
 ```
-Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176 
+Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
+
+Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app.
  
 Add the root certificate and the bitwarden certificate to client computers.