From 06037d8222764e7a6ddda1e6eb67f6ca00fc254b Mon Sep 17 00:00:00 2001
From: dlee35 <dlee35@gmail.com>
Date: Thu, 13 Dec 2018 16:28:52 -0500
Subject: [PATCH] generate self-signed cert for osquery clients

---
 salt/ssl/init.sls | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index f20988694..55444284c 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -96,12 +96,18 @@ fbcrtlink:
         bits: 4096
         backup: True
 
-# Create a cert for OSQuery
+# Create a private key and cert for OSQuery
+/etc/pki/fleet.key:
+  x509.private_key_managed:
+    - CN: {{ master }}
+    - bits: 4096
+    - days_remaining: 0
+    - days_valid: 3650
+    - backup: True
+
 /etc/pki/fleet.crt:
   x509.certificate_managed:
-    - ca_server: {{ master }}
-    - signing_policy: fleet
-    - public_key: /etc/pki/fleet.key
+    - signing_private_key: /etc/pki/fleet.key
     - CN: {{ master }}
     - days_remaining: 0
     - days_valid: 3650