From 8a394380cbc26c9199a88a1dfd6cf6e7f159731b Mon Sep 17 00:00:00 2001
From: Dustin Lee <dlee35@gmail.com>
Date: Tue, 30 Nov 2021 16:24:08 -0500
Subject: [PATCH] add subjectAltName to filebeat.crt

IP SAN is required for Endgame integration w/Logstash when DNS resolution is unavailable
---
 salt/ssl/init.sls | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index a71a79662..43d789e75 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -517,6 +517,7 @@ conf_filebeat_crt:
     - signing_policy: filebeat
     - public_key: /opt/so/conf/filebeat/etc/pki/filebeat.key
     - CN: {{ COMMONNAME }}
+    - subjectAltName: DNS:{{ HOSTNAME }}, IP:{{ MAINIP }}
     - days_remaining: 0
     - days_valid: 820
     - backup: True