From 5f30c947c95fc3df00559731cace19ffd1297652 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 11 Aug 2020 15:12:23 -0400
Subject: [PATCH] SSL intraca

---
 salt/elasticsearch/init.sls | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 28db606f1..6aa1257bf 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -200,9 +200,13 @@ so-elasticsearch:
       - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
       - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
       {%- if FEATURES is sameas true %}
+        {%- if grains['role'] in ['so-node','so-heavynode'] %}
+      - /etc/ssl/certs/intca.crt:/usr/share/elasticsearch/config/ca.crt:ro
+        {%- else %}
       - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
       - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro
       - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro
+        {%- endif %}
       {%- endif %}
     - watch:
       - file: cacertz