Merge pull request #11831 from Security-Onion-Solutions/TOoSmOotH-patch-3

Update signing_policies.conf

salt/ca/files/signing_policies.conf

@@ -37,7 +37,7 @@ x509_signing_policies:
     - ST: Utah
     - L: Salt Lake City
     - basicConstraints: "critical CA:false"
-    - keyUsage: "critical keyEncipherment"
+    - keyUsage: "critical keyEncipherment digitalSignature"
     - subjectKeyIdentifier: hash
     - authorityKeyIdentifier: keyid,issuer:always
     - extendedKeyUsage: serverAuth

salt/common/tools/sbin/soup

@@ -775,8 +775,11 @@ post_to_2.3.270() {
 }
 
 post_to_2.3.280() {
-  echo "Nothing to do for .280"
+  salt-call state.apply ca queue=True
-
+  stop_salt_minion
+  mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+  mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+  systemctl_func "start" "salt-minion"
   POSTVERSION=2.3.280
 }