sign the certificate
parent
f9a9c48942
commit
7081c0411c
2 changed files with 31 additions and 0 deletions
|
@ -2,3 +2,4 @@
|
||||||
key_usage:
|
key_usage:
|
||||||
- digitalSignature
|
- digitalSignature
|
||||||
- keyEncipherment
|
- keyEncipherment
|
||||||
|
validity_duration: "+365d"
|
||||||
|
|
|
@ -40,6 +40,36 @@
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
when: not key_file.stat.exists
|
when: not key_file.stat.exists
|
||||||
|
|
||||||
|
- name: Put the CA in a file
|
||||||
|
become: false
|
||||||
|
copy:
|
||||||
|
content: "{{ ca_cert }}"
|
||||||
|
dest: "/tmp/ansible_hacky_pki_ca.crt"
|
||||||
|
delegate_to: localhost
|
||||||
|
when: not key_file.stat.exists
|
||||||
|
|
||||||
|
- name: Put the CA key in a file
|
||||||
|
become: false
|
||||||
|
copy:
|
||||||
|
content: "{{ ca_key }}"
|
||||||
|
dest: "/tmp/ansible_hacky_pki_ca.key"
|
||||||
|
mode: u=rw,g=,o=
|
||||||
|
delegate_to: localhost
|
||||||
|
when: not key_file.stat.exists
|
||||||
|
|
||||||
|
- name: Sign the certificate
|
||||||
|
become: false
|
||||||
|
openssl_certificate:
|
||||||
|
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
|
||||||
|
csr_path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
|
||||||
|
ownca_not_after: "{{ validity_duration }}"
|
||||||
|
ownca_path: /tmp/ansible_hacky_pki_ca.crt
|
||||||
|
ownca_privatekey_passphrase: "{{ ca_passphrase }}"
|
||||||
|
ownca_privatekey_path: /tmp/ansible_hacky_pki_ca.key
|
||||||
|
provider: ownca
|
||||||
|
delegate_to: localhost
|
||||||
|
when: not key_file.stat.exists
|
||||||
|
|
||||||
- name: Send private key to the server
|
- name: Send private key to the server
|
||||||
copy:
|
copy:
|
||||||
src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
|
src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
|
||||||
|
|
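Review bot: The added "Put the CA key in a file" task writes `{{ ca_key }}` to the fixed path `/tmp/ansible_hacky_pki_ca.key` on the controller, and nothing visible in this hunk removes it after "Sign the certificate", so the CA private key may stay on disk in a shared directory once the play ends (a cleanup task could exist outside the hunk). The `mode: u=rw,g=,o=` line limits who can read it, but a predictable name in /tmp can be pre-created by another local user. Creating a per-run directory with the `tempfile` module (`state: directory`) and writing the CA files under it would avoid that, followed by a `file` task with `state: absent` once signing is done. I would also add `no_log: true` to the CA key task and to the signing task, as a safeguard against `ca_key` or `ca_passphrase` surfacing in `--diff` or callback output.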