keyUsage and intca for all

2021-02-12 19:19:23 +01:00
parent 7a01441744
commit 7ec3a3739d
2 changed files with 3 additions and 2 deletions
--- a/base/pki/host.sls
+++ b/base/pki/host.sls
@@ -38,6 +38,7 @@
    - append
    - sources:
      - /etc/pki/{{ cn }}.crt
+      - /etc/pki/intca.crt
      - /etc/pki/private.key
    - require:
      - file: /etc/pki/chain
--- a/base/pki/signing_policies.conf
+++ b/base/pki/signing_policies.conf
@@ -11,8 +11,8 @@ x509_signing_policies:
    - ST: Berlin
    - L: Berlin
    - basicConstraints: "critical CA:false"
-    - keyUsage: "critical keyEncipherment"
+    - keyUsage: "nonRepudiation, digitalSignature, keyEncipherment"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
-    - days_valid: 360
+    - days_valid: 365
    - copypath: /etc/pki/issued_certs/