Consul has an issue with self-signed certificates and we added a temporary workaround by adding the spec variable safe.peer.tls.use_self_signed_certs property
Added rspecs for the manifest testing
Moved unsigned cert generation to a pre-start script
The self signed certs included text that was not part of the rfc5280.