Support extendedKeyUsage flags in self-signed certificates