ansible-role-generate-tls-c.../tasks/generate-server-cert.yaml

---
# Generate server cert
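# Generate an unencrypted (-nodes) RSA private key and a CSR for this host,
# on the controller. Every Jinja value that lands in the shell command goes
# through the `quote` filter, so a hostname or cert_dir containing quotes,
# `$(...)` or spaces cannot break out of the command; `| int` keeps the key
# size a bare number. `umask 077` makes the private key owner-readable only,
# independent of the OpenSSL version's default file mode. Failures are fatal
# here on purpose: with the previous `ignore_errors: true` a failed key/CSR
# generation was silently followed by the signing task.
- name: Create CSR for server cert
  shell: >-
    umask 077 &&
    openssl req -newkey rsa:{{ tls_server_key_size | int }} -nodes
    -subj {{ ('/CN=' ~ inventory_hostname) | quote }}
    -keyout {{ (cert_dir ~ '/' ~ inventory_hostname_short ~ '.key') | quote }}
    -out {{ (cert_dir ~ '/' ~ inventory_hostname_short ~ '.csr') | quote }}
  delegate_to: localhost
  # `| bool` so a string value such as "false" from the inventory does not
  # count as truthy.
  when: generate_server_cert | bool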
# Render the OpenSSL extension file for this host on the controller
# (presumably the SAN entries, given the template name and the condition).
# Runs only when server certs are generated and SANs are enabled.
- name: Generate certificate extensions file
  template:
    src: templates/server-cert-extfile.cnf.j2
    dest: "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf"
  delegate_to: localhost
  when: generate_server_cert and tls_server_enable_san
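# Sign the host's CSR with the role's CA, on the controller.
# The serial is drawn from a 63-bit range instead of the previous
# 999999999 (~30 bits): RFC 5280 requires serials to be unique per CA, and a
# small range makes collisions across many hosts or re-runs plausible.
# Paths and the optional SAN extfile go through `quote` so values with shell
# metacharacters cannot alter the command. Failures are fatal on purpose:
# the previous `ignore_errors: true` hid a failed signing step from the play.
- name: Sign server cert request by CA
  shell: >-
    openssl x509 -req -sha256 -days {{ tls_server_valid_days | int }}
    -CA {{ (cert_dir ~ '/' ~ tls_ca_cert) | quote }}
    -CAkey {{ (cert_dir ~ '/' ~ tls_ca_key) | quote }}
    -set_serial {{ 9223372036854775807 | random }}
    -in {{ (cert_dir ~ '/' ~ inventory_hostname_short ~ '.csr') | quote }}
    -out {{ (cert_dir ~ '/' ~ inventory_hostname_short ~ '.pem') | quote }}
    {% if tls_server_enable_san %}
    -extfile {{ (cert_dir ~ '/' ~ inventory_hostname_short ~ '-extfile.cnf') | quote }}
    {% endif %}
  delegate_to: localhost
  # `| bool` so a string value such as "false" from the inventory does not
  # count as truthy.
  when: generate_server_cert | bool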