From 9df8ccac7b395289f8b1567c01bd088375d35c6e Mon Sep 17 00:00:00 2001
From: Josh Brower <josh@defensivedepth.com>
Date: Tue, 26 Mar 2019 20:26:57 -0400
Subject: [PATCH] Add masterhostname & masterip to fleet.crt as SAN

---
 salt/ssl/init.sls | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index a2d2b613f..841fc32ff 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -1,4 +1,5 @@
 {% set master = salt['grains.get']('master') %}
+{%- set masterip = salt['pillar.get']('static:masterip', '') -%}
 
 # Trust the CA
 
@@ -109,6 +110,7 @@ fbcrtlink:
   x509.certificate_managed:
     - signing_private_key: /etc/pki/fleet.key
     - CN: {{ master }}
+    - subjectAltName: DNS:{{ master }},IP:{{ masterip }}
     - days_remaining: 0
     - days_valid: 3650
     - backup: True