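---
# Bootstraps a private certificate authority on the target host, following
# https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
#
# Variables consumed here (defined by the role defaults / playbook, not in this file):
#   certificate_authority_directory, certificate_authority_private_key_size,
#   certificate_authority_days, certificate_authority_subject,
#   certificate_authority_type ("root" enables the self-signing task).
#
# Tasks use the `command` module (no shell), so values interpolated into the
# command lines are not subject to shell expansion; they should still come
# from role-controlled configuration rather than untrusted input.

- name: directory
  file:
    path: "{{ certificate_authority_directory }}"
    # mode: "0700"
    state: directory

- name: subdirectories
  file:
    path: "{{ certificate_authority_directory }}/{{ item }}"
    # mode: "0700"
    state: directory
  with_items:
    - certs
    - crl
    - csr
    - newcerts

- name: private directory
  file:
    path: "{{ certificate_authority_directory }}/private"
    # Quoted so YAML 1.1 parsers do not read the octal 0700 as decimal 448.
    mode: "0700"
    state: directory

# Multi-line commands use folded block scalars (>-) so the folding into a single
# command line is explicit rather than an accidental multi-line plain scalar.
- name: private key
  command: >-
    openssl genrsa
    -out private/ca.key.pem {{ certificate_authority_private_key_size }}
  args:
    chdir: "{{ certificate_authority_directory }}"
    creates: "{{ certificate_authority_directory }}/private/ca.key.pem"

- name: private key permissions
  # The mode openssl genrsa leaves on the key file depends on the OpenSSL
  # version and the umask of the Ansible user; pin it so only the owner can
  # read the CA signing key.
  file:
    path: "{{ certificate_authority_directory }}/private/ca.key.pem"
    mode: "0600"

- name: openssl config
  template:
    src: openssl.cnf.j2
    dest: "{{ certificate_authority_directory }}/openssl.cnf"

- name: extensions config
  template:
    src: extensions.cnf.j2
    dest: "{{ certificate_authority_directory }}/extensions.cnf"

- name: index config
  template:
    src: index.attr.j2
    dest: "{{ certificate_authority_directory }}/index.attr"

- name: index
  copy:
    content: ""
    dest: "{{ certificate_authority_directory }}/index"
    # Never overwrite on re-runs: this file is the CA's database of issued
    # certificates once openssl ca has written to it.
    force: false

- name: serial
  copy:
    content: "00\n"
    dest: "{{ certificate_authority_directory }}/serial"
    # Never overwrite on re-runs: openssl ca advances this counter for every
    # certificate it issues.
    force: false

- name: certificate signing request
  # -days has no effect on a plain CSR (openssl req only honours it with
  # -x509); it is kept as in the original command line.
  command: >-
    openssl req -new
    -config openssl.cnf
    -key private/ca.key.pem
    -days {{ certificate_authority_days }}
    -sha256
    -out csr/ca.csr.pem
    -subj "{{ certificate_authority_subject }}"
  args:
    chdir: "{{ certificate_authority_directory }}"
    creates: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
  # when: certificate_authority_type == "intermediate"

- name: self sign certificate
  command: >-
    openssl ca -selfsign -batch
    -config openssl.cnf
    -days {{ certificate_authority_days }}
    -extensions certificate_authority
    -in csr/ca.csr.pem
    -out certs/ca.cert.pem
    -subj "{{ certificate_authority_subject }}"
  args:
    chdir: "{{ certificate_authority_directory }}"
    creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
  when: certificate_authority_type == "root"

- name: certificate info
  # NOTE(review): runs for every certificate_authority_type, so it fails if
  # certs/ca.cert.pem has not been produced yet (e.g. an intermediate CA whose
  # certificate is signed elsewhere) — confirm that is the intended flow.
  command: openssl x509 -text -noout -in certs/ca.cert.pem
  args:
    chdir: "{{ certificate_authority_directory }}"
  changed_when: false  # read-only inspection; never reported as a change
  register: _certificate_authority_info

- name: show certificate info
  debug:
    msg: "{{ _certificate_authority_info }}"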