intca in /etc/pki and multiple CNS

base/pki/cert.sls

@@ -2,9 +2,9 @@
 # vim: ft=yaml
 ---
 
-/usr/local/share/ca-certificates:
-  file.directory
+#/usr/local/share/ca-certificates:
+#  file.directory
 
-/usr/local/share/ca-certificates/intca.crt:
+/etc/pki/intca.crt:
   x509.pem_managed:
     - text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}

base/pki/host.sls

@@ -15,7 +15,22 @@
     - signing_policy: host
     - public_key: /etc/pki/private.key
     - CN: {{ grains['fqdn'] }} 
-    - days_remaining: 30
+    - days_remaining: 90
     - backup: True
     - require:
       - x509: /etc/pki/private.key
+      
+{% for cn in salt['pillar.get']('pki:cns',{}) %}
+
+/etc/pki/{{ cn }}.crt:
+  x509.certificate_managed:
+    - ca_server: tumor.chaos 
+    - signing_policy: host
+    - public_key: /etc/pki/private.key
+    - CN: {{ cn }} 
+    - days_remaining: 90
+    - backup: False
+    - require:
+      - x509: /etc/pki/private.key
+{% endfor %}
+