Blallo
0bcb4b89b6
When updating /etc/hosts to add the hosts in the inventory, also add the name postfixed with a configurable tld.
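---
# defaults file for generate-tls-certs
#
# Role defaults; override them from the inventory or the playbook.
# The tasks that consume these variables are not part of this file, so every
# statement below about how a value is used is an assumption to confirm there.

# Presumably the master switch for certificate generation.
gen_tls_generate_certs: true

# Do not put trailing slash "/"
# NOTE(review): relative path. Presumably the generated keys (ca.key,
# client.key) are written here; if so, keep this directory out of version
# control and readable only by the user running the play.
gen_tls_cert_dir: ./certs
# NOTE(review): presumably the destination on the managed hosts. Confirm that
# the tasks deploy private keys with restrictive owner and mode.
gen_tls_remote_certs_dir: /etc/ssl
gen_tls_remote_ca_certs_dir: /etc/ssl/certs

# All three are off by default, so nothing is generated unless a switch is
# enabled explicitly (presumably in addition to gen_tls_generate_certs).
gen_tls_generate_ca_cert: false
gen_tls_generate_client_cert: false
gen_tls_generate_server_cert: false

# -------
# CA CERT
# -------
gen_tls_ca_cert: ca.pem
gen_tls_ca_csr: ca.csr
# NOTE(review): no passphrase variable is defined in these defaults, so the CA
# key is presumably stored unencrypted. Anyone who can read it can issue
# certificates that every host trusting ca.pem will accept.
gen_tls_ca_key: ca.key
# Key size in bits. No key-type variable is defined here; presumably RSA.
gen_tls_ca_key_size: 4096
# 10 years
# A compromised CA key stays usable for this whole period unless the CA
# certificate is replaced on every host; plan the rotation before deployment.
gen_tls_ca_valid_days: 3650
# Optional subject fields, unset by default.
# gen_tls_ca_country:
# gen_tls_ca_state:
# gen_tls_ca_locality:
# gen_tls_ca_organization:
# gen_tls_ca_organizationalunit:
gen_tls_ca_commonname: Certificate Authority
# gen_tls_ca_email:

# -----------
# CLIENT CERT
# -----------
# NOTE(review): the defaults name a single client certificate with the generic
# common name "Client". If it is shared by several clients, they cannot be
# told apart or revoked individually.
gen_tls_client_cert: client.pem
gen_tls_client_key: client.key
gen_tls_client_csr: client.csr
gen_tls_client_key_size: 4096
gen_tls_client_commonname: Client
# 2 years
gen_tls_client_valid_days: 730

# -----------
# SERVER CERT
# -----------
# 2 years
gen_tls_server_valid_days: 730
gen_tls_server_key_size: 4096
# Enable Subject Alternate Name (SAN)
# Keep this enabled: current TLS clients match the host name against the SAN
# entries and no longer fall back to the common name.
gen_tls_server_enable_san: true

# -------------------
# POPULATE /etc/hosts
# -------------------
# Off by default. NOTE(review): presumably adds the inventory hosts to
# /etc/hosts on the managed hosts. Those entries take precedence over DNS in
# the usual resolver configuration, so review the inventory addresses before
# enabling it.
gen_tls_populate_etc_hosts: false
# Optional, unset by default. Presumably a TLD appended to each host name to
# create an additional /etc/hosts entry.
# gen_tls_tld: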