From 7b4d471d7eea032b42089890ba4cb1ddcadca253 Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Mon, 1 Dec 2025 12:02:55 -0500 Subject: [PATCH] cert expire test --- salt/ca/files/signing_policies.conf | 12 ++++++------ salt/ca/init.sls | 2 +- salt/kafka/ssl.sls | 6 +++--- salt/nginx/enabled.sls | 2 +- salt/ssl/init.sls | 24 ++++++++++++------------ 5 files changed, 23 insertions(+), 23 deletions(-) diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index 4fc04aacc..38acb60fe 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -10,7 +10,7 @@ x509_signing_policies: - keyUsage: "digitalSignature, nonRepudiation" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - - days_valid: 820 + - days_valid: 9 - copypath: /etc/pki/issued_certs/ registry: - minions: '*' @@ -24,7 +24,7 @@ x509_signing_policies: - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth - - days_valid: 820 + - days_valid: 9 - copypath: /etc/pki/issued_certs/ managerssl: - minions: '*' @@ -38,7 +38,7 @@ x509_signing_policies: - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth - - days_valid: 820 + - days_valid: 9 - copypath: /etc/pki/issued_certs/ influxdb: - minions: '*' @@ -52,7 +52,7 @@ x509_signing_policies: - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth - - days_valid: 820 + - days_valid: 9 - copypath: /etc/pki/issued_certs/ elasticfleet: - minions: '*' @@ -65,7 +65,7 @@ x509_signing_policies: - keyUsage: "digitalSignature, nonRepudiation" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - - days_valid: 820 + - days_valid: 9 - copypath: /etc/pki/issued_certs/ kafka: - minions: '*' 
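Review bot: The literal `days_valid: 9` in the first `x509_signing_policies` hunk carries no marker that it is a test value, and the same literal is repeated in the other five policy hunks of this file and in every `*_crt` state touched in salt/kafka/ssl.sls, salt/nginx/enabled.sls and salt/ssl/init.sls, so nothing stops it from reaching a release branch. With the `days_remaining: 7` shown in the state hunks, a certificate enters its renewal window two days after issue, and a node that misses state runs for about nine days is left with expired TLS certificates. I would take the lifetime from a single pillar or Jinja value that defaults to the previous 820 and is overridden only in the test environment (assuming these files are rendered through Jinja, which the hunks do not show for the .conf file). At minimum, add a comment such as `# TEST ONLY: shortened from 820 to exercise expiry/renewal` next to each value. The policy and state bodies start and end outside the hunks.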
@@ -79,5 +79,5 @@ x509_signing_policies: - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: "serverAuth, clientAuth" - - days_valid: 820 + - days_valid: 9 - copypath: /etc/pki/issued_certs/ diff --git a/salt/ca/init.sls b/salt/ca/init.sls index ccbe5e39e..1ec6c4965 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -39,7 +39,7 @@ pki_public_ca_crt: - extendedkeyUsage: "serverAuth, clientAuth" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid:always, issuer - - days_valid: 3650 + - days_valid: 11 - days_remaining: 7 - backup: True - replace: False diff --git a/salt/kafka/ssl.sls b/salt/kafka/ssl.sls index 77aedf9eb..dbed7a19f 100644 --- a/salt/kafka/ssl.sls +++ b/salt/kafka/ssl.sls @@ -45,7 +45,7 @@ kafka_client_crt: - private_key: /etc/pki/kafka-client.key - CN: {{ GLOBALS.hostname }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -93,7 +93,7 @@ kafka_crt: - private_key: /etc/pki/kafka.key - CN: {{ GLOBALS.hostname }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -154,7 +154,7 @@ kafka_logstash_crt: - private_key: /etc/pki/kafka-logstash.key - CN: {{ GLOBALS.hostname }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: diff --git a/salt/nginx/enabled.sls b/salt/nginx/enabled.sls index 8af48a766..e92e2fe91 100644 --- a/salt/nginx/enabled.sls +++ b/salt/nginx/enabled.sls @@ -65,7 +65,7 @@ managerssl_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: "DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}, DNS:{{ GLOBALS.url_base }}" - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 9dfef9fc8..1cdf1c52f 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls 
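Review bot: In the `pki_public_ca_crt` hunk, `days_valid: 11` gives the CA only two days more than the 9-day leaf certificates, so any leaf issued more than two days after the CA has a notAfter later than its issuer's and stops validating once the CA expires. The state keeps `replace: False` next to `days_remaining: 7`; whether the CA certificate is actually reissued inside that window cannot be confirmed from the hunk. If it is reissued, every node needs the new CA in its trust store before leaves signed by it are accepted. If the short CA lifetime is intended for the test, record that with a comment such as `# TEST ONLY: CA lifetime shortened from 3650 to exercise CA expiry` and keep the value off release branches. The state body starts and ends outside the hunk.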
@@ -85,7 +85,7 @@ influxdb_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -124,7 +124,7 @@ redis_crt: - private_key: /etc/pki/redis.key - CN: {{ GLOBALS.hostname }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -166,7 +166,7 @@ etc_elasticfleet_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -223,7 +223,7 @@ etc_elasticfleet_logstash_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -284,7 +284,7 @@ etc_elasticfleetlumberjack_crt: - CN: {{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -351,7 +351,7 @@ etc_elasticfleet_agent_crt: - private_key: /etc/pki/elasticfleet-agent.key - CN: {{ GLOBALS.hostname }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -413,7 +413,7 @@ etc_filebeat_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: 
@@ -484,7 +484,7 @@ registry_crt: - private_key: /etc/pki/registry.key - CN: {{ GLOBALS.manager }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -522,7 +522,7 @@ regkeyperms: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -583,7 +583,7 @@ conf_filebeat_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -637,7 +637,7 @@ chownfilebeatp8: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: @@ -687,7 +687,7 @@ elasticfleet_kafka_crt: - CN: {{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - days_remaining: 7 - - days_valid: 820 + - days_valid: 9 - backup: True - timeout: 30 - retry: