diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index 1e05be0063..aa99b602a9 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -37,7 +37,7 @@ x509_signing_policies: - ST: Utah - L: Salt Lake City - basicConstraints: "critical CA:false" - - keyUsage: "critical keyEncipherment" + - keyUsage: "critical keyEncipherment digitalSignature" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 246e59ed4c..0dc739691b 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -775,8 +775,11 @@ post_to_2.3.270() { } post_to_2.3.280() { - echo "Nothing to do for .280" - + salt-call state.apply ca queue=True + stop_salt_minion + mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old + mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old + systemctl_func "start" "salt-minion" POSTVERSION=2.3.280 }