blallo/ansible-role-generate-tls-certs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9bf495b79c
ansible-role-generate-tls-c.../tasks/generate-server-cert.yaml

39 lines
1.4 KiB
YAML
Raw Blame History

---
# Generate server cert
- name: Create CSR for server cert
local_action:
module: |
shell if [ ! -e {{cert_dir}}/{{inventory_hostname_short}}.csr ]
then
openssl req -newkey rsa:{{tls_server_key_size}} -nodes -subj "/CN={{inventory_hostname}}" \
-keyout "{{cert_dir}}/{{inventory_hostname_short}}.key" -out "{{cert_dir}}/{{inventory_hostname_short}}.csr"
fi
args:
executable: /bin/bash
ignore_errors: true
when: generate_server_cert
- name: Generate certificate extensions file
local_action:
module: template
src: templates/server-cert-extfile.cnf.j2
dest: "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf"
when:
- generate_server_cert
- tls_server_enable_san
- name: Sign server cert request by CA
local_action:
module: |
shell if [ ! -e {{cert_dir}}/{{inventory_hostname_short}}.pem ]
then
openssl x509 -req -sha256 -days {{tls_server_valid_days}} \
-CA "{{cert_dir}}/{{tls_ca_cert}}" -CAkey "{{cert_dir}}/{{tls_ca_key}}" -set_serial {{ 999999999 | random }} \
-in "{{cert_dir}}/{{inventory_hostname_short}}.csr" -out "{{cert_dir}}/{{inventory_hostname_short}}.pem" {% if tls_server_enable_san %}-extfile "{{cert_dir}}/{{inventory_hostname_short}}-extfile.cnf"{% endif %}
fi
args:
executable: /bin/bash
ignore_errors: true
when: generate_server_cert
Reference in New Issue View Git Blame Copy Permalink