diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index 81dfa8d3..a9bb60cc 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -332,9 +332,8 @@ class Certificate(db.Model):
 return_extensions['authority_key_identifier'] = aki
- # TODO: Don't support CRLDistributionPoints yet https://github.com/Netflix/lemur/issues/662
 elif isinstance(value, x509.CRLDistributionPoints):
- current_app.logger.warning('CRLDistributionPoints not yet supported for clone operation.')
+ return_extensions['crl_distribution_points'] = {'include_crl_dp': value}
 # TODO: Not supporting custom OIDs yet. https://github.com/Netflix/lemur/issues/665
 else:
diff --git a/lemur/schemas.py b/lemur/schemas.py
index b897f378..9d1836cd 100644
--- a/lemur/schemas.py
+++ b/lemur/schemas.py
@@ -220,6 +220,14 @@ class CertificateInfoAccessSchema(BaseExtensionSchema):
 return {'includeAIA': data['include_aia']}
+class CRLDistributionPointsSchema(BaseExtensionSchema):
+ include_crl_dp = fields.String()
+
+ @post_dump
+ def handle_keys(self, data):
+ return {'includeCRLDP': data['include_crl_dp']}
+
+
 class SubjectKeyIdentifierSchema(BaseExtensionSchema):
 include_ski = fields.Boolean()
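Review bot: The new `elif isinstance(value, x509.CRLDistributionPoints)` branch stores the raw `x509.CRLDistributionPoints` object under `include_crl_dp`, while the schema added in lemur/schemas.py in this same commit declares that key as `fields.String()`. On dump this would presumably yield the object's string representation rather than the distribution-point URIs, so a cloned certificate request could carry an unusable revocation pointer. Extract the URI values explicitly before storing them; the comma-joined format below is an assumption and has to match what the issuer plugins expect. The enclosing method starts and ends outside the hunk.

```python
elif isinstance(value, x509.CRLDistributionPoints):
    # Keep only URI names; a point may carry relative_name instead of full_name.
    crl_uris = [
        name.value
        for point in value
        for name in (point.full_name or [])
        if isinstance(name, x509.UniformResourceIdentifier)
    ]
    # Assumed format: one comma-separated string, to fit fields.String().
    return_extensions['crl_distribution_points'] = {'include_crl_dp': ','.join(crl_uris)}
```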
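Review bot: `include_crl_dp = fields.String()` in `CRLDistributionPointsSchema` accepts any text, yet the value names where relying parties fetch revocation data for the issued certificate. If this schema is also used to load request input (not visible in this hunk), constrain it, for example `include_crl_dp = fields.String(validate=validate.URL())`, assuming `validate` is imported from marshmallow in this file and a single URI is the expected form. A short class docstring saying that, unlike the boolean `include_ski` below it, this field carries the URI itself would also help the next reader.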
@@ -240,13 +248,14 @@ class NamesSchema(BaseExtensionSchema):
 class ExtensionSchema(BaseExtensionSchema):
- basic_constraints = BasicConstraintsExtension(missing={'ca': False})
+ basic_constraints = BasicConstraintsExtension() # some devices balk on default basic constraints
 key_usage = KeyUsageExtension()
 extended_key_usage = ExtendedKeyUsageExtension()
 subject_key_identifier = fields.Nested(SubjectKeyIdentifierSchema)
 sub_alt_names = fields.Nested(NamesSchema)
 authority_key_identifier = fields.Nested(AuthorityKeyIdentifierSchema)
 certificate_info_access = fields.Nested(CertificateInfoAccessSchema)
+ crl_distribution_points = fields.Nested(CRLDistributionPointsSchema, dump_to='cRL_distribution_points')
 # FIXME: Convert custom OIDs to a custom field in fields.py like other Extensions
 # FIXME: Remove support in UI for Critical custom extensions https://github.com/Netflix/lemur/issues/665
 custom = fields.List(fields.Nested(CustomOIDSchema))
diff --git a/lemur/static/app/angular/authorities/authority/extensions.tpl.html b/lemur/static/app/angular/authorities/authority/extensions.tpl.html
index ac815b07..321d2ad8 100644
--- a/lemur/static/app/angular/authorities/authority/extensions.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/extensions.tpl.html
@@ -160,7 +160,7 @@
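Review bot: Dropping `missing={'ca': False}` from `basic_constraints` means a request without that key no longer gets an explicit CA:FALSE, and what the issued certificate asserts is then left to each issuer plugin or CA default. Code that reads `extensions['basic_constraints']['ca']` unconditionally may now fail or pick a different default; that is not visible here and is worth checking in the plugins. If omission is needed for the devices the trailing comment mentions, consider keeping the explicit default and omitting the extension only for those authorities, and expand the comment to say which devices and why. The new `dump_to='cRL_distribution_points'` also deserves a one-line comment explaining the unusual casing.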
@@ -182,7 +182,7 @@ cRL Distribution Points
- +
diff --git a/lemur/static/app/angular/certificates/certificate/options.tpl.html b/lemur/static/app/angular/certificates/certificate/options.tpl.html
index 31c31f96..a52ee387 100644
--- a/lemur/static/app/angular/certificates/certificate/options.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/options.tpl.html
@@ -196,7 +196,7 @@ cRL Distribution Points
-
diff --git a/requirements-tests.txt b/requirements-tests.txt
index 97819b07..6363266a 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -42,8 +42,8 @@ pycparser==2.18 # via cffi
 pyflakes==1.6.0
 pytest-flask==0.10.0
 pytest-mock==1.7.1
-pytest==3.4.2
-python-dateutil==2.6.1 # via botocore, faker, freezegun, moto
+pytest==3.5.0
+python-dateutil==2.7.2 # via botocore, faker, freezegun, moto
 pytz==2018.3 # via moto
 pyyaml==3.12 # via pyaml
 requests-mock==1.4.0
diff --git a/requirements.in b/requirements.in
index b70855e6..bc0afae3 100644
--- a/requirements.in
+++ b/requirements.in
@@ -23,10 +23,10 @@ paramiko==2.4.1 # required for lemur_linuxdst plugin
 pem==17.1.0
 psycopg2
 pyjwt
-pyOpenSSL
+pyOpenSSL==17.2.0
 python_ldap
 raven[flask]==6.2.1
-requests
+requests==2.11.1
 retrying==1.3.3
 six==1.11.0
 SQLAlchemy-Utils
diff --git a/requirements.txt b/requirements.txt
index d95a30ac..e45a67bc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,9 +14,7 @@ bcrypt==3.1.4 # via flask-bcrypt, paramiko
 blinker==1.4 # via flask-mail, flask-principal, raven
 boto3==1.6.12
 botocore==1.9.12 # via boto3, s3transfer
-certifi==2018.1.18 # via requests
 cffi==1.11.5 # via bcrypt, cryptography, pynacl
-chardet==3.0.4 # via requests
 click==6.7 # via flask
 cryptography==2.2.1
 docutils==0.14 # via botocore
@@ -30,7 +28,7 @@ flask-sqlalchemy==2.3.2
 flask==0.12
 future==0.16.0
 gunicorn==19.7.1
-idna==2.6 # via cryptography, requests
+idna==2.6 # via cryptography
 inflection==0.3.1
 itsdangerous==0.24 # via flask
 jinja2==2.10
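Review bot: The new pins `pyOpenSSL==17.2.0` and `requests==2.11.1` in requirements.in move the resolved set backwards: requirements.txt in this commit goes from pyopenssl 17.5.0 to 17.2.0 and from requests[security] 2.18.4 to 2.11.1, and drops certifi, chardet and urllib3 as separately tracked packages. That freezes the HTTP/TLS client stack at older releases, so fixes shipped after them will not be picked up by a re-compile. Record the reason next to each pin, as the paramiko line does, e.g. `requests==2.11.1  # pinned for <reason>; lift when <condition>`, so the downgrade is revisited rather than forgotten.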
@@ -48,24 +46,23 @@ pbr==3.1.1 # via mock
 pem==17.1.0
 psycopg2==2.7.4
 pyasn1-modules==0.2.1 # via python-ldap
-pyasn1==0.4.2 # via paramiko, pyasn1-modules, python-ldap
+pyasn1==0.4.2 # via paramiko, pyasn1-modules, python-ldap, requests
 pycparser==2.18 # via cffi
 pyjwt==1.6.1
 pynacl==1.2.1 # via paramiko
-pyopenssl==17.5.0
+pyopenssl==17.2.0
 pyrfc3339==1.0 # via acme
 python-dateutil==2.6.1 # via alembic, arrow, botocore
 python-editor==1.0.3 # via alembic
 python-ldap==3.0.0
 pytz==2018.3 # via acme, flask-restful, pyrfc3339
 raven[flask]==6.2.1
-requests[security]==2.18.4
+requests[security]==2.11.1
 retrying==1.3.3
 s3transfer==0.1.13 # via boto3
 six==1.11.0
 sqlalchemy-utils==0.33.1
 sqlalchemy==1.2.5 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
 tabulate==0.8.2
-urllib3==1.22 # via requests
 werkzeug==0.14.1 # via flask
 xmltodict==0.11.0