diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index 767f9d21c..ef53ce60f 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -84,11 +84,13 @@ container_list() {
     TRUSTED_CONTAINERS=(
       "so-filebeat"
       "so-idstools"
+      "so-elasticsearch"
       "so-logstash"
       "so-nginx"
       "so-redis"
       "so-steno"
       "so-suricata"
+      "so-soc"
       "so-telegraf"
       "so-zeek" 
     )
diff --git a/salt/elasticsearch/files/scripts/so-catrust b/salt/elasticsearch/files/scripts/so-catrust
index aee83a379..d49a29ce4 100644
--- a/salt/elasticsearch/files/scripts/so-catrust
+++ b/salt/elasticsearch/files/scripts/so-catrust
@@ -18,6 +18,10 @@
 {%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {%- set MANAGER = salt['grains.get']('master') %}
 . /usr/sbin/so-common
+
+# Exit on errors, since all lines must succeed
+set -e
+
 # Check to see if we have extracted the ca cert.
 if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
     docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index 8d400ca1e..1ff34ceae 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -48,6 +48,7 @@ so-telegraf:
       - HOST_ETC=/host/etc
       - HOST_SYS=/host/sys
       - HOST_MOUNT_PREFIX=/host
+      - GODEBUG=x509ignoreCN=0
     - network_mode: host
     - binds:
       - /opt/so/log/telegraf:/var/log/telegraf:rw
@@ -84,4 +85,4 @@ telegraf_state_not_allowed:
   test.fail_without_changes:
     - name: telegraf_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/setup/so-functions b/setup/so-functions
index c49babaae..6d7e5582a 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -719,7 +719,7 @@ create_local_directories() {
 		for d in $(find $PILLARSALTDIR/$i -type d); do
 			suffixdir=${d//$PILLARSALTDIR/}
 			if [ ! -d "$local_salt_dir/$suffixdir" ]; then
-				mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
+				mkdir -pv "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
 			fi
 		done
 		chown -R socore:socore "$local_salt_dir/$i"
@@ -1525,7 +1525,7 @@ reinstall_init() {
 
 		if command -v docker &> /dev/null; then
 			# Stop and remove all so-* containers so files can be changed with more safety
-			if [ $(docker ps -a -q --filter "name=so-") -gt 0 ]; then
+			if [ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]; then
 				docker stop $(docker ps -a -q --filter "name=so-")
 				docker rm -f $(docker ps -a -q --filter "name=so-")
 			fi