@ -18,11 +18,12 @@
delegate_to: localhost
when: not key_file.stat.exists
# TODO: add a revocation methode, most probably crl, with crl_distribution_points
- name: Generate a Certificate Signing Request
become: false
openssl_csr:
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
private_key_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
privatekey_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
common_name: "{{ cname }}"
country_name: "{{ country_name | default(omit) }}"
locality_name: "{{ locality_name | default(omit) }}"
@ -32,13 +33,12 @@
email_address: "{{ email_address | default(omit) }}"
basic_constraints:
- CA:FALSE # syntax?
basic_contraints_critical: yes
basic_constraints_critical: yes
key_usage: "{{ key_usage }}"
key_usage_critical: yes
subject_alt_name: "{{ subject_alt_name | default(omit) }}"
# TODO: add a revocation methode, most probably crl, with crl_distribution_points
delegate_to: localhost
when: no key_file.stat exists
when: not key_file.stat.exists
- name: Send private key to the server
copy:
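Review bot: The corrected `privatekey_path` and the CSR `path` in the "Generate a Certificate Signing Request" task still point at fixed, guessable names directly under `/tmp` on the controller (`delegate_to: localhost`), which is a shared, world-writable directory. On a multi-user control host another local account can pre-create or symlink those names, and whether the key file is readable by others depends on the mode set by the key-generation task, which is not visible in this hunk. I would keep the working files in a directory only the Ansible user can enter, for example one registered from a `tempfile` task with `state: directory`, and write `privatekey_path: "{{ pki_workdir.path }}/{{ cname }}.key"` (`pki_workdir` is a name made up for this note). It is also worth confirming that the local copy of the key is deleted once the "Send private key to the server" task has run; that task continues past the end of the visible lines.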