ansible-role-generate-tls-c.../defaults/main.yml

---
# defaults file for generate-tls-certs
# Top-level switch for the role; on by default.
# NOTE(review): presumably gates every certificate task - confirm in the role's tasks.
generate_tls_certs: true
# Output directory for the generated files. Do not put trailing slash "/"
# NOTE(review): this is a relative path, so where it resolves depends on how
# the role's tasks use it. The private keys named below (ca.key, client.key)
# are presumably written here - confirm the tasks set restrictive
# ownership and mode on the directory and the key files.
cert_dir: ./certs
# Per-artifact switches. All three default to false.
generate_ca_cert: false
generate_client_cert: false
generate_server_cert: false
# -------
# CA CERT
# -------
# File names for the CA certificate, signing request and private key.
tls_ca_cert: ca.pem
tls_ca_csr: ca.csr
# NOTE(review): whoever can read the CA key can issue certificates under this
# CA. Whether the key is passphrase-protected is not visible in this file -
# verify in the role's tasks.
tls_ca_key: ca.key
# Key size, presumably in bits for an RSA key - TODO confirm the algorithm.
tls_ca_key_size: 4096
# 10 years
tls_ca_valid_days: 3650
# Optional CA subject fields, commented out (unset) by default.
# tls_ca_country:
# tls_ca_state:
# tls_ca_locality:
# tls_ca_organization:
# tls_ca_organizationalunit:
tls_ca_commonname: Certificate Authority
#tls_ca_email:
# -----------
# CLIENT CERT
# -----------
# File names for the client certificate, private key and signing request.
tls_client_cert: client.pem
tls_client_key: client.key
tls_client_csr: client.csr
# Key size, presumably in bits for an RSA key - TODO confirm the algorithm.
tls_client_key_size: 4096
tls_client_commonname: Client
# NOTE(review): presumably an OpenSSL extensions file used when signing the
# client certificate - confirm its contents in the role.
tls_client_extfile: extfile-client.cnf
# 2 years
tls_client_valid_days: 730
# -----------
# SERVER CERT
# -----------
# NOTE(review): unlike the client section, the lines visible here set no
# default file names or common name for the server certificate; presumably
# the caller supplies them - confirm.
# 2 years
tls_server_valid_days: 730
# Key size, presumably in bits for an RSA key - TODO confirm the algorithm.
tls_server_key_size: 4096
# Enable Subject Alternative Name (SAN) on the server certificate.
# Current TLS clients match host names against the SAN entries rather than
# the common name, so leave this on unless there is a specific reason not to.
# NOTE(review): the SAN values themselves are not defined in the lines visible
# here - confirm where the role takes them from.
tls_server_enable_san: true