--- - include_role: name: certificate vars: certificate_name: ca certificate_provider: manual certificate_authority: true certificate_key_usage: - digitalSignature - cRLSign - keyCertSign certificate_directory: "{{ certificate_authority_directory }}" certificate_file: "{{ certificate_authority_directory }}/certs/ca.cert.pem" certificate_signing_request_file: "{{ certificate_authority_directory }}/csr/ca.csr.pem" certificate_signing_request_config_file: "{{ certificate_authority_directory }}/csr/ca.csr.cnf" certificate_private_key_file: "{{ certificate_authority_directory }}/private/ca.key.pem" certificate_private_key_password: "{{ certificate_authority_private_key_password }}" - name: self sign certificate command: openssl ca -selfsign -batch -notext -config cnf/ca.cnf -in csr/ca.csr.pem -out certs/ca.cert.pem {{ certificate_authority_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }} args: chdir: "{{ certificate_authority_directory }}" creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem" environment: PRIVATE_KEY_PASSWORD: "{{ certificate_authority_private_key_password | default('') }}" when: certificate_authority_type == "root" # - name: certificate stat # stat: # path: "{{ certificate_authority_directory }}/certs/ca.cert.pem" # register: _certificate_authority_stat # changed_when: not _certificate_authority_stat.stat.exists # notify: self sign certificate # - debug: # msg: "{{ _certificate_authority_stat }}"