From f5916e26a263014cfd37db5e9ad8263736c33c69 Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@gmail.com>
Date: Mon, 7 Sep 2020 04:42:11 -0400
Subject: [PATCH 1/3] read ca.crt from filesystem when possible

---
 salt/ssl/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 70d4c4b6a..733deed92 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -8,7 +8,7 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
-    {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
+    {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n','') %}
     {% set ca_server = grains.id %}
 {% else %}
     {% set x509dict =  salt['mine.get']('*', 'x509.get_pem_entries') %}

From f8ebed43d7a71326edd9d147d63996a80a4ecb16 Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@gmail.com>
Date: Mon, 7 Sep 2020 04:45:26 -0400
Subject: [PATCH 2/3] fix spacing

---
 salt/ssl/init.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 733deed92..1d4cb2f37 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -8,10 +8,10 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
-    {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n','') %}
+    {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n', '') %}
     {% set ca_server = grains.id %}
 {% else %}
-    {% set x509dict =  salt['mine.get']('*', 'x509.get_pem_entries') %}
+    {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
     {% for host in x509dict %}
       {% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %}
         {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}

From 7facff2b7dfd37ed56094c0afad0c7d0ff9883e2 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 9 Sep 2020 10:34:53 -0400
Subject: [PATCH 3/3] change from cmd.run to cp.get_file_str

---
 salt/ssl/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 1d4cb2f37..416e13af5 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -8,7 +8,7 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
-    {% set trusttheca_text = salt['cmd.shell']('cat /etc/pki/ca.crt')|replace('\n', '') %}
+    {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
     {% set ca_server = grains.id %}
 {% else %}
     {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}