

---
# https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
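  # Run the tasks in directory.yml before any key material is generated.
  # NOTE(review): presumably this prepares the CA directory layout (certs/,
  # csr/, private/) that the tasks below rely on -- confirm in directory.yml.
  # `include_tasks` replaces the bare `include` action, which is deprecated
  # and was removed in ansible-core 2.16; like the `include_role` used below,
  # it is resolved dynamically at run time.
  - include_tasks: directory.yml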
  # Hand key and CSR handling for the CA over to the `certificate` role.
  # NOTE(review): the role itself is not visible here, so the meaning of each
  # variable is inferred from its name -- confirm against the role's defaults.
  - include_role:
      name: certificate
    vars:
      certificate_name: ca
      certificate_authority: true
      # Presumably `manual` means the role does not issue the certificate
      # itself; the `openssl ca` task later in this file signs the CSR.
      certificate_provider: manual
      # keyCertSign and cRLSign are the usages a CA certificate needs in order
      # to sign certificates and revocation lists.
      certificate_key_usage:
        - digitalSignature
        - keyCertSign
        - cRLSign
      # All artefacts live under the CA directory, listed in the order they
      # are produced: private key, CSR config, CSR, certificate.
      certificate_directory: "{{ certificate_authority_directory }}"
      # NOTE(review): nothing in the visible tasks sets ownership or mode on
      # private/ -- verify that directory.yml or the role restricts access.
      certificate_private_key_file: "{{ certificate_authority_directory }}/private/ca.key.pem"
      certificate_signing_request_config_file: "{{ certificate_authority_directory }}/csr/ca.csr.cnf"
      certificate_signing_request_file: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
      certificate_file: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
  # Root CA only: sign the CA's own CSR with `openssl ca -selfsign`.
  #
  # * `creates` skips the task once certs/ca.cert.pem exists, so an existing
  #   root certificate is never silently re-issued by the `-batch` (no
  #   confirmation prompt) invocation.
  # * The key passphrase is handed to OpenSSL through the PRIVATE_KEY_PASSWORD
  #   environment variable, so it is not part of the command's argument list.
  #   OpenSSL's documentation cautions that a process environment can be
  #   readable by other local users on some platforms; run this on a host
  #   where that is acceptable.
  # * When certificate_private_key_password is undefined, no `-passin` option
  #   is added and the environment variable is set to an empty string.
  # * No -days, -md or -extensions option is given, so validity period, digest
  #   and X.509 extensions come entirely from openssl.cnf -- review that file.
  - name: self sign certificate
    when: certificate_authority_type == "root"
    environment:
      PRIVATE_KEY_PASSWORD: "{{ certificate_private_key_password | default('') }}"
    args:
      chdir: "{{ certificate_authority_directory }}"
      creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
    # Folded scalar: the lines below are joined with single spaces into one
    # command line. Keep them at the same indentation.
    command: >-
      openssl ca -selfsign -batch -notext
      -config openssl.cnf
      -in csr/ca.csr.pem
      -out certs/ca.cert.pem
      {{ certificate_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
  # Decode certs/ca.cert.pem into human-readable text and keep the output in
  # _certificate_authority_info. The command only reads the certificate (public
  # data, no key material), hence `changed_when: false`.
  # This task has no `when`, so it runs for every certificate_authority_type.
  # NOTE(review): for a non-root CA the certificate must come from somewhere
  # other than the self-sign task above -- confirm it exists by this point.
  - name: certificate info
    register: _certificate_authority_info
    changed_when: false
    args:
      chdir: "{{ certificate_authority_directory }}"
    command: openssl x509 -text -noout -in certs/ca.cert.pem
  # Show the decoded certificate captured by the `certificate info` task, one
  # output line per list element, so the operator can check subject, validity
  # and extensions of the CA certificate in the play output.
  - name: certificate debug
    debug:
      msg: '{{ _certificate_authority_info.stdout_lines }}'