Hi,
got the following problem, while proof of concept the usage of saltstack a network server config of several servers:
- there is a bacula instance within network, which works with Data Encrytion
- for this purpose, every bacula-client needs it's own key/cert-pair
Normally this key/value pair is created calling
openssl genrsa -out fd-$HOSTNAME.key 2048
openssl req -new -key fd-$HOSTNAME.key -x509 -out fd-$HOSTNAME.cert -days 7300
This should now be done automatically with salt stack.
Found this as "best practice"
Creating the self signed cert with saltstack works, but this method won't set subjectKeyIdentifier (openssl methods from above do this).
Is there a reason, why create_self_signed_cert won't set subjectKeyIdentifier extension?
Kind Regards
Christian Michel