x509 subject properties

salt/files/_pki.conf

@@ -7,9 +7,21 @@ x509_signing_policies:
     - minions: '{{ signing_policy.minions }}'
     - signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
     - signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt
+    {%- if ca.country is defined %}
     - C: {{ ca.country }}
+    {%- endif %}
+    {%- if ca.state is defined %}
     - ST: {{ ca.state }}
+    {%- endif %}
+    {%- if ca.locality is defined %}
     - L: {{ ca.locality }}
+    {%- endif %}
+    {%- if ca.organization is defined %}
+    - O: {{ ca.organization }}
+    {%- endif %}
+    {%- if ca.organization_unit is defined %}
+    - OU: {{ ca.organization_unit }}
+    {%- endif %}
     {%- if signing_policy.type == 'v3_edge_cert_client' %}
     - basicConstraints: "CA:FALSE"
     - keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"

salt/minion/ca.sls

@@ -30,9 +30,21 @@ include:
   x509.certificate_managed:
   - signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
   - CN: {{ ca.common_name }}
+  {%- if ca.country is defined %}
   - C: {{ ca.country }}
+  {%- endif %}
+  {%- if ca.state is defined %}
   - ST: {{ ca.state }}
+  {%- endif %}
+  {%- if ca.locality is defined %}
   - L: {{ ca.locality }}
+  {%- endif %}
+  {%- if ca.organization is defined %}
+  - O: {{ ca.organization }}
+  {%- endif %}
+  {%- if ca.organization_unit is defined %}
+  - OU: {{ ca.organization_unit }}
+  {%- endif %}
   - basicConstraints: "critical,CA:TRUE"
   - keyUsage: "critical,cRLSign,keyCertSign"
   - subjectKeyIdentifier: hash