  1. ---
  2. # https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
  3. - name: directory
  4. file:
  5. path: "{{ certificate_authority_directory }}"
  6. #mode: 0700
  7. state: directory
  8. - name: subdirectories
  9. file:
  10. path: "{{ certificate_authority_directory }}/{{ item }}"
  11. #mode: 0700
  12. state: directory
  13. with_items:
  14. - certs
  15. - crl
  16. - csr
  17. - newcerts
  18. - name: private directory
  19. file:
  20. path: "{{ certificate_authority_directory }}/private"
  21. mode: 0700
  22. state: directory
  23. - name: private key
  24. command:
  25. openssl genrsa
  26. -out private/ca.key.pem {{ certificate_authority_private_key_size }}
  27. args:
  28. chdir: "{{ certificate_authority_directory }}"
  29. creates: "{{ certificate_authority_directory }}/private/ca.key.pem"
  30. - name: openssl config
  31. template:
  32. src: openssl.cnf.j2
  33. dest: "{{ certificate_authority_directory }}/openssl.cnf"
  34. - name: extensions config
  35. template:
  36. src: extensions.cnf.j2
  37. dest: "{{ certificate_authority_directory }}/extensions.cnf"
  38. - name: index config
  39. template:
  40. src: index.attr.j2
  41. dest: "{{ certificate_authority_directory }}/index.attr"
  42. - name: index
  43. copy:
  44. content: ""
  45. dest: "{{ certificate_authority_directory }}/index"
  46. force: no
  47. - name: serial
  48. copy:
  49. content: "00\n"
  50. dest: "{{ certificate_authority_directory }}/serial"
  51. force: no
  52. - name: certificate signing request
  53. command: openssl req -new
  54. -config openssl.cnf
  55. -key private/ca.key.pem
  56. -days {{ certificate_authority_days }}
  57. -sha256
  58. -out csr/ca.csr.pem
  59. -subj "{{ certificate_authority_subject }}"
  60. args:
  61. chdir: "{{ certificate_authority_directory }}"
  62. creates: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
  63. #when: certificate_authority_type == "intermediate"
  64. - name: self sign certificate
  65. command: openssl ca -selfsign -batch
  66. -config openssl.cnf
  67. -days {{ certificate_authority_days }}
  68. -extensions certificate_authority
  69. -in csr/ca.csr.pem
  70. -out certs/ca.cert.pem
  71. -subj "{{ certificate_authority_subject }}"
  72. args:
  73. chdir: "{{ certificate_authority_directory }}"
  74. creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
  75. when: certificate_authority_type == "root"
  76. - name: certificate info
  77. command: openssl x509 -text -noout -in certs/ca.cert.pem
  78. args:
  79. chdir: "{{ certificate_authority_directory }}"
  80. changed_when: false
  81. register: _certificate_authority_info
  82. - name: show certificate info
  83. debug:
  84. msg: "{{ _certificate_authority_info }}"