From 94accb0e8c8794190729bcf28d1edf555911ce2e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Nov 2023 15:09:13 -0500 Subject: [PATCH 1/3] Update signing_policies.conf --- salt/ca/files/signing_policies.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index 1e05be0063..8310257fb9 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -36,7 +36,7 @@ x509_signing_policies: - C: US - ST: Utah - L: Salt Lake City - - basicConstraints: "critical CA:false" + - basicConstraints: "critical CA:false digitalSignature" - keyUsage: "critical keyEncipherment" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always From 57612c69fe58463035199c6344c994d612a07fab Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Nov 2023 15:11:50 -0500 Subject: [PATCH 2/3] Update signing_policies.conf --- salt/ca/files/signing_policies.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index 8310257fb9..aa99b602a9 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -36,8 +36,8 @@ x509_signing_policies: - C: US - ST: Utah - L: Salt Lake City - - basicConstraints: "critical CA:false digitalSignature" - - keyUsage: "critical keyEncipherment" + - basicConstraints: "critical CA:false" + - keyUsage: "critical keyEncipherment digitalSignature" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth From fee9b61ce989bee78d38133b058f84fa58e09ecb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Nov 2023 15:14:25 -0500 Subject: [PATCH 3/3] Update soup --- salt/common/tools/sbin/soup | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 246e59ed4c..0dc739691b 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -775,8 +775,11 @@ post_to_2.3.270() { } post_to_2.3.280() { - echo "Nothing to do for .280" - + salt-call state.apply ca queue=True + stop_salt_minion + mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old + mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old + systemctl_func "start" "salt-minion" POSTVERSION=2.3.280 }