intca in /etc/pki and multiple CNS
This commit is contained in:
do
@@ -2,9 +2,9 @@
|
|||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
---
|
---
|
||||||
|
|
||||||
/usr/local/share/ca-certificates:
|
#/usr/local/share/ca-certificates:
|
||||||
file.directory
|
# file.directory
|
||||||
|
|
||||||
/usr/local/share/ca-certificates/intca.crt:
|
/etc/pki/intca.crt:
|
||||||
x509.pem_managed:
|
x509.pem_managed:
|
||||||
- text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
|
- text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
|
||||||
|
|||||||
@@ -15,7 +15,22 @@
|
|||||||
- signing_policy: host
|
- signing_policy: host
|
||||||
- public_key: /etc/pki/private.key
|
- public_key: /etc/pki/private.key
|
||||||
- CN: {{ grains['fqdn'] }}
|
- CN: {{ grains['fqdn'] }}
|
||||||
- days_remaining: 30
|
- days_remaining: 90
|
||||||
- backup: True
|
- backup: True
|
||||||
- require:
|
- require:
|
||||||
- x509: /etc/pki/private.key
|
- x509: /etc/pki/private.key
|
||||||
|
|
||||||
|
{% for cn in salt['pillar.get']('pki:cns',{}) %}
|
||||||
|
|
||||||
|
/etc/pki/{{ cn }}.crt:
|
||||||
|
x509.certificate_managed:
|
||||||
|
- ca_server: tumor.chaos
|
||||||
|
- signing_policy: host
|
||||||
|
- public_key: /etc/pki/private.key
|
||||||
|
- CN: {{ cn }}
|
||||||
|
- days_remaining: 90
|
||||||
|
- backup: False
|
||||||
|
- require:
|
||||||
|
- x509: /etc/pki/private.key
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
Reference in New Issue
Block a user