|
- ---
-
- # https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
-
- - include: directory.yml
-
- - include_role:
- name: certificate
- vars:
- certificate_name: ca
- certificate_provider: manual
- certificate_authority: true
- certificate_key_usage:
- - digitalSignature
- - cRLSign
- - keyCertSign
- certificate_directory: "{{ certificate_authority_directory }}"
- certificate_file: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
- certificate_signing_request_file: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
- certificate_signing_request_config_file: "{{ certificate_authority_directory }}/csr/ca.csr.cnf"
- certificate_private_key_file: "{{ certificate_authority_directory }}/private/ca.key.pem"
-
- - name: self sign certificate
- command: openssl ca -selfsign -batch -notext
- -config openssl.cnf
- -in csr/ca.csr.pem
- -out certs/ca.cert.pem
- {{ certificate_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
- args:
- chdir: "{{ certificate_authority_directory }}"
- creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
- environment:
- PRIVATE_KEY_PASSWORD: "{{ certificate_private_key_password | default('') }}"
- when: certificate_authority_type == "root"
-
- - name: certificate info
- command: openssl x509 -text -noout -in certs/ca.cert.pem
- args:
- chdir: "{{ certificate_authority_directory }}"
- changed_when: false
- register: _certificate_authority_info
-
- - name: certificate debug
- debug:
- msg: "{{ _certificate_authority_info.stdout_lines }}"
|
