Generate TLS certificates

Generates self-signed CA, client, and server certificates. Runs locally on the control machine. Note: the Ansible crypto modules do not support self-signed certs, so shell commands are used instead where required.

Requirements

  • For server certificates, an Ansible inventory file must be specified, and the FQDN must also be set as the hostname in that inventory file

Role Variables

See defaults/main.yml

Dependencies

Example Playbook

generate-certs.yaml:

---

# ansible-playbook generate-certs.yaml -i localhost,
# ansible-playbook generate-certs.yaml -i inventory.yaml

- hosts: all

  gather_facts: false

  tasks:
    - include_vars: vars.yaml

    - name: Generate certs
      import_role: 
        name: generate-tls-certs

vars.yaml:

---
cert_dir: ./certs
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true

# -------
# CA CERT
# -------
tls_ca_cert: my-ca.pem
tls_ca_csr: my-ca.csr
tls_ca_key: my-ca.key
tls_ca_country: CA
tls_ca_state: Ontario
tls_ca_locality: Toronto
tls_ca_organization: My Company Inc.
tls_ca_organizationalunit: IT
tls_ca_commonname: My Certificate Authority

# -----------
# CLIENT CERT
# -----------
tls_client_cert: my-client.pem
tls_client_key: my-client.key
tls_client_csr: my-client.csr
tls_client_commonname: My Client
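
A post-run check for the files the example above writes to cert_dir, added here as an example and not part of the role: it confirms that a certificate chains to the CA, that the key matches the certificate, that the key file is private, and optionally that a server certificate matches the inventory FQDN. It assumes the openssl CLI, PEM-encoded output, and that the FQDN ends up in the subject CN or a DNS SAN; check_cert_pair and check-certs.sh are hypothetical names.

```shell
#!/bin/sh
# Added example (not part of the role): check a CA/leaf pair written to cert_dir.
# Assumes PEM files and the openssl CLI on the control machine.

# check_cert_pair CA_CERT LEAF_CERT LEAF_KEY [EXPECTED_FQDN]
# Returns 0 when every check passes, 1 otherwise; prints one line per failure.
check_cert_pair() {
    ca=$1; cert=$2; key=$3; fqdn=${4:-}; rc=0

    # 1. The leaf must chain to the CA (this also rejects expired certs).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi

    # 3. The key file must not be readable or writable by group or others.
    perms=$(ls -ln "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key permissions are too open"; rc=1
    fi

    # 4. Server certs only: the inventory FQDN must match the certificate.
    # Assumption: the role puts the FQDN in the subject CN or a DNS SAN.
    if [ -n "$fqdn" ] && ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: $cert is not valid for host $fqdn"; rc=1
    fi

    return $rc
}

# Usage: sh check-certs.sh ./certs   (file names are those from vars.yaml above)
if [ -n "${1:-}" ]; then
    check_cert_pair "$1/my-ca.pem" "$1/my-client.pem" "$1/my-client.key"
fi
```

For a server certificate, pass the host's inventory FQDN as the fourth argument to check_cert_pair.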

License

BSD

Author Information

EasyPath IT Solutions Inc.