chaos/salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

distribute intca to /etc/ssl/certs also

Browse Source
This commit is contained in:
do
2021-02-16 17:05:41 +01:00
parent 7ec3a3739d
commit f60cbb6117
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
base/pki/cert.sls
View File

@@ -8,3 +8,14 @@
/etc/pki/intca.crt:
x509.pem_managed:
- text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
/etc/ssl/certs/intca.crt:
x509.pem_managed:
- text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
/usr/sbin/update-ca-certificates:
cmd.run:
- onchanges:
- x509: /etc/ssl/certs/intca.crt

3
base/pki/signing_policies.conf
View File

@@ -11,7 +11,8 @@ x509_signing_policies:
- ST: Berlin
- L: Berlin
- basicConstraints: "critical CA:false"
- keyUsage: "nonRepudiation, digitalSignature, keyEncipherment"
- keyUsage: "nonRepudiation, digitalSignature, keyEncipherment, keyAgreement"
- extendedKeyUsage: "serverAuth, clientAuth"
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: 365