From 5a0aae5fe7ce53f598d98c01c8c8b1f4ba0d1d6f Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 11 Aug 2020 15:34:07 -0400
Subject: [PATCH] SSL intraca

---
 salt/ssl/init.sls | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 6d8674c92..a0cade9f6 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -496,6 +496,18 @@ fleetkeyperms:
 
 {% if grains['role'] in ['so-node', 'so-heavynode'] %}
 # Create a cert for elasticsearch
+/etc/pki/elasticsearch.key:
+  x509.private_key_managed:
+    - CN: {{ manager }}
+    - bits: 4096
+    - days_remaining: 0
+    - days_valid: 820
+    - backup: True
+    - new: True
+    {% if salt['file.file_exists']('/etc/pki/elasticsearch.key') -%}
+    - prereq:
+      - x509: /etc/pki/elasticsearch.crt
+      
 /etc/pki/elasticsearch.crt:
   x509.certificate_managed:
     - ca_server: {{ ca_server }}
@@ -516,17 +528,5 @@ miniokeyperms:
     - name: /etc/pki/elasticsearch.key
     - mode: 640
     - group: 930
-
-/etc/pki/elasticsearch.key:
-  x509.private_key_managed:
-    - CN: {{ manager }}
-    - bits: 4096
-    - days_remaining: 0
-    - days_valid: 820
-    - backup: True
-    - new: True
-    {% if salt['file.file_exists']('/etc/pki/elasticsearch.key') -%}
-    - prereq:
-      - x509: /etc/pki/elasticsearch.crt
     {%- endif %}
 {%- endif %}
\ No newline at end of file