blallo/ansible-role-generate-tls-certs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added support for toggling SAN-certs

Browse Source
This commit is contained in:
ababra 2018-04-20 08:09:45 -04:00
parent f9c0be7195
commit 15506285f3
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@ -42,3 +42,5 @@ tls_client_valid_days: 730
# 2 years # 2 years
tls_server_valid_days: 730 tls_server_valid_days: 730
tls_server_key_size: 4096 tls_server_key_size: 4096
# Enable Subject Alternate Name (SAN)
tls_server_enable_san: true

6
tasks/main.yml
View File

@ -67,7 +67,9 @@
module: template module: template
src: templates/server-cert-extfile.cnf.j2 src: templates/server-cert-extfile.cnf.j2
dest: "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf" dest: "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf"
when: generate_server_cert when:
- generate_server_cert
- tls_server_enable_san
- name: Sign server cert request by CA - name: Sign server cert request by CA
local_action: local_action:
@ -75,6 +77,6 @@
shell openssl x509 -req -sha256 -days {{tls_server_valid_days}} shell openssl x509 -req -sha256 -days {{tls_server_valid_days}}
-CA "{{cert_dir}}/{{tls_ca_cert}}" -CAkey "{{cert_dir}}/{{tls_ca_key}}" -set_serial {{ 999999999 | random }} -CA "{{cert_dir}}/{{tls_ca_cert}}" -CAkey "{{cert_dir}}/{{tls_ca_key}}" -set_serial {{ 999999999 | random }}
-in "{{cert_dir}}/{{inventory_hostname_short}}.csr" -out "{{cert_dir}}/{{inventory_hostname_short}}.pem" -in "{{cert_dir}}/{{inventory_hostname_short}}.csr" -out "{{cert_dir}}/{{inventory_hostname_short}}.pem"
-extfile "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf" {% if tls_server_enable_san %}-extfile "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf"{% endif %}
ignore_errors: true ignore_errors: true
when: generate_server_cert when: generate_server_cert