I have inherited a SuMa system here managing a bunch of servers. SuMa is currently 3.1.9, the managed servers are primarily SLES11Sp4 using Salt.

Right now, SuMa is using the default self-signed certificate. Working fine. Client wants SuMa to use a certificate signed by an external CA. This seems like it should be possible, but I have not found good documentation on how to do so.

Google led me to:


which may work, I don't yet know. It seems like there could be a lot more information in that section. It seems to apply to a new install, which this is not, and does not cover what happens if I do this to an existing and working system. Do I really need to blow away the current setup and start over for something so simple as changing a certificate?

There is a copy of this for 3.2 also, but it's even less helpful:


Note the "???TITLE???" link in the 3.2 doc, where the 3.1 had "Step 1". Looks like somebody goofed the reformat on the copy from 3.1 to3.2.

Further research via Google found this (old?) page:


for older versions, not sure how or if it could be used for SuMa 3.1.9.

Then searching this forum turned up:


which doesn't say if it's possible or not, but does say that it's not supported.

So, what's the current actual answer? Can I replace the certificate being used here? If so, by which set of directions? Do I then have to re-register all of the Salt minions to get them to work again?

I don't have a test SuMa to see what happens. I can VM snapshot before proceeding however.