Quote: Originally posted by dgersic
So, what's the current actual answer? Can I replace the certificate being used here? If so, by which set of directions? Do I then have to re-register all of the Salt minions to get them to work again?

I don't have a test SuMa to see what happens. I can VM snapshot before proceeding however.

You can use your own / externally generated certificates with SuMa, and you can change them after install.

You didn't mention if all clients already trust the external CA that's signing the SuMa certificate. If not, then you'll have to distribute the CA certificate to all clients and trust it. One way is to use the SuMa mechanisms, which I believe are mentioned in the Wiki page.

If you need to go the manual route to provision the certificates (which likely is fully unsupported):

The other side is the server certificate that is needed on the SuMa server - basically, it's about the httpd server certificate, which is provided by separate key and cert files. Go have a look at the httpd config and follow the symlink chains to find the right spot to place your files. If you're using osad / Jabber as well, then you need to provide a separate certificate/key combo file (basically a file containing both the cert and the key in one, by "cat"ing both into one file) for jabberd. I don't have a system at hand at the moment and don't remember the exact path name of that file - if needed, I could look it up.
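The combined certificate/key file described in the reply above, as an added example that is not part of the original post: it refuses to build the file unless the private key actually belongs to the certificate, and writes it readable by the owner only. The function name and all file names are placeholders (the jabberd path is not given in the thread), and an unencrypted private key is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. File names are placeholders.
# Builds a combined cert+key PEM (certificate first, then key) only when the
# private key matches the certificate's public key.

# build_combined CERT KEY OUT
# returns 0 on success, 1 on key/cert mismatch, 2 if a file cannot be parsed
build_combined() {
    bc_cert=$1
    bc_key=$2
    bc_out=$3

    # Public key as embedded in the certificate (SubjectPublicKeyInfo, PEM).
    bc_cert_pub=$(openssl x509 -in "$bc_cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, same encoding.
    bc_key_pub=$(openssl pkey -in "$bc_key" -pubout 2>/dev/null) || return 2

    if [ -z "$bc_cert_pub" ] || [ "$bc_cert_pub" != "$bc_key_pub" ]; then
        echo "private key does not match certificate, nothing written" >&2
        return 1
    fi

    # The result contains the private key: create it with mode 0600 and
    # move it into place only once it is complete.
    ( umask 077 && cat "$bc_cert" "$bc_key" > "$bc_out.tmp" ) || return 2
    mv "$bc_out.tmp" "$bc_out"
}

# Stand-alone use: sh combine.sh server.crt server.key combined.pem
if [ "$#" -eq 3 ]; then
    build_combined "$1" "$2" "$3"
fi
```

The file's owner still has to be set to whatever account the consuming service runs as, which depends on the installation.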