@ -60,3 +60,21 @@ Then, don't forget to remode the file `ca.key`.
## How does it works ?
## How does it works ?
The role check if the certificate already exist and is valid. If not, it will generate **on the localhost** the certificates and then copy them to the remote host and delate the local version.
The role check if the certificate already exist and is valid. If not, it will generate **on the localhost** the certificates and then copy them to the remote host and delate the local version.
## Add a CRL endpoint
If you use a CRL to revocate your certifiates, you can add the variable `crl_distribution_points` to describe the CRL endpoint(s). CF https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_csr_module.html for more information about `crl_distribution_points`.