@ssplatt
Created November 18, 2016 14:16
# Settings consumed by the state below as `sslcert`
sslcert:
  gencert:
    name: /etc/pki/{{ grains.id }}.crt
    days_remaining: 30
    user: vagrant
    group: vagrant
    mode: 640
    # Passed through to x509.certificate_managed as-is
    kwargs:
      ca_server: salt
      signing_policy: testingca
      CN: {{ grains.id }}
      days_valid: 90
      public_key: /etc/pki/{{ grains.id }}.key
      subjectAltName: DNS:myvirthost.local, DNS:{{ grains.id }}
...
sslcert_gen_cert:
  x509.certificate_managed:
    - name: {{ sslcert.gencert.name }}
    - days_remaining: {{ sslcert.gencert.days_remaining }}
    - backup: True
    {#- .items() works on both Python 2 and Python 3; .iteritems() is Python 2 only #}
    {% for k, v in sslcert.gencert.kwargs.items() -%}
    - {{ k }}: {{ v }}
    {% endfor %}
    # Request a certificate only once the CA certificate is installed locally
    - onlyif: test -s /usr/local/share/ca-certificates/{{ sslcert.gencert.kwargs.signing_policy }}.crt
...
# Signing policy defined on the CA server
x509_signing_policies:
  testingca:
    - minions: '*'
    - signing_private_key: /etc/pki/testingca/ca.key
    - signing_cert: /etc/pki/testingca/ca.crt
    - C: US
    - ST: MyState
    - L: MyCity
    - basicConstraints: "critical CA:false"
    - keyUsage: "critical digitalSignature, keyEncipherment"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    - days_valid: 90
    - copypath: /etc/pki/testingca/issued_certs/