From 5137866826622bedf965dc26b48e0408a71ce5a7 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 16 Jul 2018 12:44:28 -0400
Subject: [PATCH] SSL Module - Allow the CA to sign client certs
---
 salt/ca/init.sls | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 4cdfff18a..b999b21d4 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -25,7 +25,8 @@ pki_private_key:
 - ST: Utah
 - L: Salt Lake City
 - basicConstraints: "critical CA:true"
- - keyUsage: "critical cRLSign, keyCertSign, serverAuth, clientAuth"
+ - keyUsage: "critical cRLSign, keyCertSign"
+ - extendedkeyUsage: "serverAuth, clientAuth"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
 - days_valid: 3650
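Review bot: The added key is spelled `extendedkeyUsage`, whereas Salt's x509 module documents the extension as `extendedKeyUsage` and, as far as I know, matches extension names case-sensitively, so this line may be ignored silently and the CA certificate issued with no extended key usage at all. I would write it as `- extendedKeyUsage: "serverAuth, clientAuth"` and confirm the result after the state runs with `openssl x509 -in <CA_CERT_PATH> -noout -text`. The state this line belongs to starts and ends outside the hunk, so whether an already-issued CA certificate is regenerated when its extensions change cannot be told from here; if it is not, the old certificate stays in use until it is replaced.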