Generate TLS certificates
=========================

Generates self-signed CA, client and server certificates. Runs locally on the control machine.

**Note:** Ansible crypto modules do not support self-signed certs, so the role uses the `shell` command instead where required.

**WARNING: re-running this role in the same output folder will overwrite any existing certs and keys!**

Requirements
------------

- For server certificates, an Ansible inventory file must be specified; the FQDN must also be set as the hostname in the inventory file

Role Variables
--------------

See `defaults/main.yml`

Dependencies
------------

- Refer to [Ansible Crypto modules](

Example Playbook
----------------

**generate-certs.yaml:**

```
---
# ansible-playbook generate-certs.yaml -i localhost,
# ansible-playbook generate-certs.yaml -i inventory.yaml
- hosts: all
  gather_facts: false
  tasks:
    - include_vars: vars.yaml
    - name: Generate certs
      import_role:
        name: generate-tls-certs
```

**vars.yaml:**

```
---
cert_dir: ./certs
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true

# -------
# CA CERT
# -------
tls_ca_cert: my-ca.pem
tls_ca_csr: my-ca.csr
tls_ca_key: my-ca.key
tls_ca_country: CA
tls_ca_state: Ontario
tls_ca_locality: Toronto
tls_ca_organization: My Company Inc.
tls_ca_organizationalunit: IT
tls_ca_commonname: My Certificate Authority

# -----------
# CLIENT CERT
# -----------
tls_client_cert: my-client.pem
tls_client_key: my-client.key
tls_client_csr: my-client.csr
tls_client_commonname: My Client
```

License
-------

BSD

Author Information
------------------

[EasyPath IT Solutions Inc.](
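
To check the files in `cert_dir` after a run, the following added example (not part of this role or written by its author) verifies that a certificate chains to the generated CA, that the private key matches it, and that the key file has no group or other permissions. The file names come from the `vars.yaml` example; `check_cert_set`, `make_sample_set` and the `openssl` commands that build the throwaway sample data are assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a CA / certificate / key set in cert_dir.
# File names follow the vars.yaml example; the checks are assumptions
# about healthy output, not tests shipped with the role.

# check_cert_set DIR CA_CERT LEAF_CERT LEAF_KEY
# Prints one line per failed check; return status is the failure count.
check_cert_set() {
  local dir="$1" ca="$2" cert="$3" key="$4" fails=0 cert_pub key_pub mode

  # 1. The certificate must chain to the generated CA.
  if ! openssl verify -CAfile "$dir/$ca" "$dir/$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not verify against $ca"; fails=$((fails + 1))
  fi

  # 2. The private key must match the certificate's public key.
  cert_pub=$(openssl x509 -in "$dir/$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
  key_pub=$(openssl pkey -in "$dir/$key" -pubout 2>/dev/null) || key_pub=""
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key is not the private key for $cert"; fails=$((fails + 1))
  fi

  # 3. The private key must not be accessible to group or others.
  mode=$(stat -c '%a' "$dir/$key" 2>/dev/null || stat -f '%Lp' "$dir/$key" 2>/dev/null) || mode="unknown"
  case "$mode" in
    ?00) ;;
    *) echo "FAIL: $key has mode $mode, group/other bits must be 0"; fails=$((fails + 1)) ;;
  esac
  return "$fails"
}

# make_sample_set DIR: constructed throwaway CA and client cert for the demo.
# These openssl commands are assumptions, not the role's own tasks.
make_sample_set() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=My Certificate Authority" \
    -keyout "$d/my-ca.key" -out "$d/my-ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=My Client" \
    -keyout "$d/my-client.key" -out "$d/my-client.csr" 2>/dev/null
  openssl x509 -req -in "$d/my-client.csr" -CA "$d/my-ca.pem" -CAkey "$d/my-ca.key" \
    -CAcreateserial -days 1 -out "$d/my-client.pem" 2>/dev/null
  chmod 600 "$d/my-ca.key" "$d/my-client.key"
}

# Demo on constructed data: bash check-certs.sh --demo
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_sample_set "$d" &&
    check_cert_set "$d" my-ca.pem my-client.pem my-client.key && echo "all checks passed"
fi
```

Against real output, call `check_cert_set ./certs my-ca.pem my-client.pem my-client.key` with the values from your own `vars.yaml`.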