From d012b8dc015fe58ca4c7e3fbc8bc9d3c8d74b242 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 16 Jul 2018 14:00:00 -0400 Subject: [PATCH] SSL Module - Allow the CA to sign client certs --- salt/ssl/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 30e78c7ff..f475c4758 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -26,6 +26,7 @@ m2cryptopkgs: - CN: {{ master }} - days_remaining: 3000 - backup: True + - keyUsage: "critical keyEncipherment" - extendedkeyUsage: "serverAuth, clientAuth" - managed_private_key: name: /etc/pki/filebeat.key