From 15506285f3c79e61253648fef70d9a6a15ea1bd2 Mon Sep 17 00:00:00 2001 From: ababra Date: Fri, 20 Apr 2018 08:09:45 -0400 Subject: [PATCH] Added support for toggling SAN-certs --- defaults/main.yml | 2 ++ tasks/main.yml | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index cbf1f9c..3614add 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -42,3 +42,5 @@ tls_client_valid_days: 730 # 2 years tls_server_valid_days: 730 tls_server_key_size: 4096 +# Enable Subject Alternate Name (SAN) +tls_server_enable_san: true diff --git a/tasks/main.yml b/tasks/main.yml index bfb2d69..2ec2238 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -67,7 +67,9 @@ module: template src: templates/server-cert-extfile.cnf.j2 dest: "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf" - when: generate_server_cert + when: + - generate_server_cert + - tls_server_enable_san - name: Sign server cert request by CA local_action: @@ -75,6 +77,6 @@ shell openssl x509 -req -sha256 -days {{tls_server_valid_days}} -CA "{{cert_dir}}/{{tls_ca_cert}}" -CAkey "{{cert_dir}}/{{tls_ca_key}}" -set_serial {{ 999999999 | random }} -in "{{cert_dir}}/{{inventory_hostname_short}}.csr" -out "{{cert_dir}}/{{inventory_hostname_short}}.pem" - -extfile "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf" + {% if tls_server_enable_san %}-extfile "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf"{% endif %} ignore_errors: true when: generate_server_cert
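Review bot: The comment on the new `tls_server_enable_san` default in defaults/main.yml does not tell an operator what turning the toggle off costs. The extension is called Subject Alternative Name, and a server certificate without it identifies the host only through the subject CN, which current browsers and Go's TLS stack no longer accept for hostname verification. I would reword the comment to `# Include Subject Alternative Name (SAN) entries in the server cert; set to false only for legacy clients, modern TLS clients reject certs without SAN`.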
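Review bot: The new `- tls_server_enable_san` entry in the `when:` list of the extfile task tests the variable bare, and the `{% if tls_server_enable_san %}` added in the signing hunk (`@@ -75,6 +77,6 @@`) does the same. A value that arrives as a string, for example from `-e tls_server_enable_san=false`, is a non-empty string to Jinja, so the `{% if %}` still emits `-extfile`, and depending on the Ansible version the `when:` entry may not agree with it. The signing step could then reference a missing or stale extfile, and the `ignore_errors: true` on that task would hide the failure. Coerce in both places: `- tls_server_enable_san | bool` and `{% if tls_server_enable_san | bool %}`. Both task bodies start outside their hunks.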
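Review bot: Omitting `-extfile` when `tls_server_enable_san` is false drops every extension the extfile defines, not only subjectAltName. `templates/server-cert-extfile.cnf.j2` is not part of this patch, so this is inferred: if the template also sets extendedKeyUsage or keyUsage, the SAN-less certificate loses those constraints as well. A narrower toggle would keep `-extfile` unconditional and wrap only the `subjectAltName` line of the template in the `{% if %}`. The shell command starts above the hunk, so the rest of the openssl invocation is not reviewed here.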