Explain how to generate a CA
parent cb7dc99f5b
commit eaacbca6dc
2 changed files with 139 additions and 3 deletions
47
README.md
|
@ -8,4 +8,51 @@ The Public Certificate of the CA and its Private Key are ansible variables. Make
|
||||||
|
|
||||||
## Generate a CA
|
## Generate a CA
|
||||||
|
|
||||||
|
### Generate a key
|
||||||
|
|
||||||
|
```
|
||||||
|
openssl genrsa -out ca.key -aes256 4096
|
||||||
|
```
|
||||||
|
|
||||||
|
It will ask a passphrase. Put the passphrase in a vault as `ca_passphrase`.
|
||||||
|
|
||||||
|
Then, put the content of `ca.key` in the vaul:
|
||||||
|
|
||||||
|
```
|
||||||
|
ca_key: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: AES-256-CBC,EABBE7D2AC7D31F05392F733E9F9B031
|
||||||
|
|
||||||
|
vbKyyhou4oJIZEXL1U4ESbUJ/r5Im9lZNatJwZISOnD3E//+Vf3QaIb+sQ2xNym9
|
||||||
|
...
|
||||||
|
iKkhjgSIm7tWWR5lxd/dpeoEM/+tvcZ0KJqFsbPv9jmZPl4/PfBf7O185K7KCY9L
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
```
|
||||||
|
|
||||||
|
### Generate the certificate
|
||||||
|
|
||||||
|
```
|
||||||
|
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
You can replace `3650` by the validity periode you want for your certificate.
|
||||||
|
|
||||||
|
You will be ask questions for the content of the certificate, answer adequately.
|
||||||
|
|
||||||
|
Then, put the content of `ca.pem` in the variables as `ca_cert`:
|
||||||
|
|
||||||
|
```
|
||||||
|
ca_cert: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF7TCCA9WgAwIBAgIURKS2ggzKV0XKM6IdSqPjDvsr9AowDQYJKoZIhvcNAQEL
|
||||||
|
...
|
||||||
|
YRj4p9wG46WoMCvnNxdgL2/MQfp+Y8rinDEk1BG1Zb8g
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
```
|
||||||
|
|
||||||
|
Then, don't forget to remode the file `ca.key`.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## How does it works ?
|
## How does it works ?
|
||||||
|
|
|
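Review bot: in "Generate a key", the README has the reader store both `ca_passphrase` and the content of `ca.key` in the vault, so the passphrase only protects `ca.key` while the file sits on disk. Say so explicitly, name the tool that "vault" refers to, and in the last step ask for the file to be securely deleted rather than just removed. The example key block shows the legacy `Proc-Type: 4,ENCRYPTED` / `DEK-Info` PEM format, which derives the encryption key from the passphrase with a single MD5-based pass; documenting a PKCS#8-encrypted key would be preferable if the role can load one. Typos to fix in the added text: "vaul", "periode", "You will be ask", "remode".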
@ -1,4 +1,93 @@
|
||||||
---
|
---
|
||||||
ca_public:
|
ca_cert: |
|
||||||
# This variable HAS to be storred in a vault.
|
-----BEGIN CERTIFICATE-----
|
||||||
ca_private:
|
MIIF7TCCA9WgAwIBAgIURKS2ggzKV0XKM6IdSqPjDvsr9AowDQYJKoZIhvcNAQEL
|
||||||
|
BQAwgYUxCzAJBgNVBAYTAkVYMRAwDgYDVQQIDAdleGFtcGxlMRAwDgYDVQQHDAdl
|
||||||
|
eGFtcGxlMRowGAYDVQQKDBFBbnNpYmxlIEhhY2t5IFBLSTEaMBgGA1UECwwRQW5z
|
||||||
|
aWJsZSBIYWNreSBQS0kxGjAYBgNVBAMMEWFuc2lsYmUtaGFja3ktcGtpMB4XDTIx
|
||||||
|
MDkwODE1NDQ0MVoXDTMxMDkwNjE1NDQ0MVowgYUxCzAJBgNVBAYTAkVYMRAwDgYD
|
||||||
|
VQQIDAdleGFtcGxlMRAwDgYDVQQHDAdleGFtcGxlMRowGAYDVQQKDBFBbnNpYmxl
|
||||||
|
IEhhY2t5IFBLSTEaMBgGA1UECwwRQW5zaWJsZSBIYWNreSBQS0kxGjAYBgNVBAMM
|
||||||
|
EWFuc2lsYmUtaGFja3ktcGtpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
|
||||||
|
AgEA2htZI/32cf2VJlzAkzEEBlaEul7l+pl5rM/i+sYr/1i0m6L1g0qQjAwnxw5g
|
||||||
|
6PeiIxd8i9Ea12DyhmXfKVZBqZy8t6kqw97qbXe1duUuadwkb5OWGZvb/z5UbkuY
|
||||||
|
Q+EeqTfFdTkhNzB4Z6AfGW4C856tdEUYE1SfzLIQC77kXwJ4DJ4PrDaf5PeX8gMr
|
||||||
|
do2JL12Ns+SV75cJ/IiOaSwDPQLkvqwYqgCN7m3eYXFMs7vZLvvttBN3sQjnpCCF
|
||||||
|
IW62mW1CjnBwfbktjDRuLFve2h3rSvYFbd2KPsjpvhhB6xer1MJSBzHgxU+tIXXb
|
||||||
|
bOCsU/0hH5L9zLH4O5ncmfLeYovzDuAvYfxAQ+Mq/9x7cnrx0KOAA9BLMZzSz52d
|
||||||
|
h2eqHVIqmKrJAcyAdSZtBd7WJEZfcL3m7Dipe/byqLV7e1YhVlbavlZk+1rMDVBh
|
||||||
|
lbiP0KIfC5qTznmGuNZrkd3qavJPA7H9WCx16QdIeg9ZPqxKp3rHtcBfd9O8yVLj
|
||||||
|
Kho0jUw4gXjzUNZACnoip6k3GBsbz+Ennb2ZinKr0ov/wbWWGTpW4zxrptxL/5Yz
|
||||||
|
IFmFN2N1e7URg5iD1kS3A209jx38cPx3kTMZVuiuEwy3PBlfVJBd2FCc3g0sQh8g
|
||||||
|
IMhhC2J1EIz++gRx0zBPELJkbYSAVqBTxelEDQnP9syTjOECAwEAAaNTMFEwHQYD
|
||||||
|
VR0OBBYEFDQH2VvvQolBnW06yMTfTmrtUOhRMB8GA1UdIwQYMBaAFDQH2VvvQolB
|
||||||
|
nW06yMTfTmrtUOhRMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
|
||||||
|
AJWK/icvN3aq8dm03I07393+o2olxJBJ9+1rugpz7HlpNhh4o3kuPKtn0FtVaKRN
|
||||||
|
LfmqI8FC2iunakfln4ew2gmt15hUnaT5QlMPz4Wp9Bs1jSdizpalttJ57kb6Rtkq
|
||||||
|
zgJshPjTwd0EsTI919Mu+m5jnE01bFuKa/mIZHuhS7YQE0VPjW1twfb0jE2Gxpn/
|
||||||
|
aSVvT06zC9OAHsC8Ebc6+uIiQATkWMxT5sLrdddhpAg53fQckx4H+XLI5SwtZ2Md
|
||||||
|
tFxu55drDwFY2AVKyPKc+LQ7FnEDrlMVpd5FeUXb/bGOIcv1ZNh0fD2jMXa3C+/q
|
||||||
|
vQCKt2phTSOx/WsOHM0YfqIZef8Zcpt5TZSdHTKfxtLNItEHCHnFo7Zggx3RjZdr
|
||||||
|
1yz+LdpmKfMZ8p6XRaRAH42kUwuSJkMr1/UGAc3Phund8ySM7lwpnqyE6tPGkNYX
|
||||||
|
xhUaAV0/fAbeVxRcgpbMOqAAhEdFFPySSipNgEzo1OUQfB7bIJuoZP5v44vna2fi
|
||||||
|
+q7vv/7miOJemb14ILp0kWvlOOFOnYnIn9F8lTVQosq1fzmxMcLsLiA5QV4ucvgk
|
||||||
|
UJnwkzvSx1cIg9o50RL81YyqAG5zFT3SoZIaHxrNM45FJVUBCRocgV+B48L2sRlE
|
||||||
|
YRj4p9wG46WoMCvnNxdgL2/MQfp+Y8rinDEk1BG1Zb8g
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
# This variables HAVE to be storred in a vault.
|
||||||
|
ca_key: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: AES-256-CBC,EABBE7D2AC7D31F05392F733E9F9B031
|
||||||
|
|
||||||
|
vbKyyhou4oJIZEXL1U4ESbUJ/r5Im9lZNatJwZISOnD3E//+Vf3QaIb+sQ2xNym9
|
||||||
|
zbAPtLW5KCrmda8rf93NVRMC4sOr4+NVIxL3YUc49N3ziu82qETXxOUU1doXk+1k
|
||||||
|
U+h+LPU0jcVeqExcY5RZVHibC63T+3i50DmPH//WeaiXPrvzuJ5aNjGP6Ku7Odlo
|
||||||
|
SLWZOG1kLYL6y4iM6A2s15IA+8J/itSDACW4yp1cnLD96nkxU0L/vKQ+PEV9cuMi
|
||||||
|
1UeLbUfAKMhQNJyaIOAB7OwJ+tDQQFsUIbqv0FKWlNYCanjqvRHjzyEj1jgTyBwH
|
||||||
|
t9KWHljJk5459ko9wbcdRwXisoTNuUMboEFqeJSPJAPpv0HN+kE4rlgaKXOKemtv
|
||||||
|
mQBuxm78BiUzdn9oWDBoRmSs6NP1YtZbAbdJ5HWdQtNy+zIMt3UT4gsVHBYijilJ
|
||||||
|
+YDeNMXsE9w735Hg4zx6AtDjfMlGAZrnUj7TWBDhRI81wtfZAgkPzFNo6dweQGwJ
|
||||||
|
dfSfU6kRyqhtO8jip/BzE0pxuqSZM7UwxZC4TwALTES2QHLvQj3r2yXwft5BoRry
|
||||||
|
Np5DtiMUqUafCuzlZJ1Uql7fgqWlfe0sL9FNnDo+6gBgIMu1oY+rfr5O7Q5ssFko
|
||||||
|
01qTZjZtIaRs24RQnACpobXOMUxaqKdYjZ9/iknqyvVZKgolJUTjBXEoP+KxkDB5
|
||||||
|
QaTjEPm/V/cLhmw1PpuHC7GbZAa+sCnlGfOfxenUqnlH+8g+BcqTP3H7sc8KvCNP
|
||||||
|
y/T0LurNZYu/BObIyvJlqfP8SVgt7jDBfVUFm5dQgNgOD2UdDyUJFW02dXIqQODg
|
||||||
|
7GCIo0S9/5USDBhYmKyOA/WplxQuSWCzK/KS8O3FcegHRya3Ye6MHi5Ovsb+xvPh
|
||||||
|
dJWUjIkfQW75biVI42Vp3zpW6rVljzKx0WcGb2gCAWVVd6jP6m/bXPZpMRIGXdxh
|
||||||
|
e9r653PgC4E87vy6gyq8lx7OwXikvhePfPuNPshX0otTFQGuUa7O4Y0oJM447iAV
|
||||||
|
wL/q55pVCgzXZq5h7gxRdrEgQouGTfswYsD+75idkg+qomJ1iwORrPvm5QsWSnfF
|
||||||
|
n+uPSTxtqoXHVzoNzSzCxhSOTH7XHgsQGvgUVaZpUyH052ZN5WP7mHLMMJsva9io
|
||||||
|
6cNhpCtOxGaG2YoffvTt8SvSZ0qpxoUUiGOBYLNl98K4ViEzV/E6KWt83iBdTTGT
|
||||||
|
VL19wnGkqpG98Zuw9F43bSjZAS08hnpflhy2xuUeQxuPk+ewvRjDR/u/WYll/h2J
|
||||||
|
3ylvLzRKeWsYsAfiX8U9rwQsmDo5zqR/8hiIMivUC4QW/Y9hYGDNYlPrujthNVpc
|
||||||
|
pcEvLuO8ZRSpw4d/gS1junKa5J8H0rEVIRQKGr10xlZOrj9/+8Jl2PePV7e9/IWv
|
||||||
|
9rQwI3gr9/rE8TSwYbeIfWizVFKZRqetEDhUFVwKZRwuV+70igoutTNF5qqq8A2G
|
||||||
|
5ShSnHQqLbs/OWaM8cAPFOepVQ2JbzlVPTAa29zTAt+5z2n0zAGMaNPf404h4EqG
|
||||||
|
6E3HBCRbJjefdbW/UQJp+kPQhOIh/mQKsxavBgE0v66fugKSD9dZcyY9ZeT5iUZL
|
||||||
|
TtG4p7Y6+0Wzk9C3zla45iTuvok7ayhHEEBAnRmoBMJGvvbiYG7KsgKzeeBUsExA
|
||||||
|
gEWFGVmCymkZ8wogTYF0KI6cpRQgOVgKnDFoSF6+YHFm/xdwJGP2y7shwRrFfPjQ
|
||||||
|
SJyWrdM5QiaDjDD5GN8eccIINRiRiLKnxA6fpUeV5VIPmcxTIgcldTicrtp2WJY/
|
||||||
|
zX/qrCuEjRfJ4icDOxvyqJMglMuB5WV43hjzPIZSYGpk+G9g2WLep8kRroC24IuH
|
||||||
|
4qRFfiJIKTCCc+JcanhlV3u6vHdmxYdEHXV6UO7297PiZ7dWp1uO9/9cM8KcaYl1
|
||||||
|
KDjpcx2Rt8MmeS/7U6deXUyEpKJqhE6ee8wC0CEFZkD64BH9w4jKn0CcBMhmGY8+
|
||||||
|
ZLKw8jZb6ixuWi3zfpLdGHupQW2fyi8aaPQRvmrRw83HUksIGesDFC7eVaU9qtsb
|
||||||
|
ZQvFM+9kkWyfT2P8rjTz0fcBXp7oO9v2u3sYUnhYJkhumxdcGlz5StZV/i+6LB0S
|
||||||
|
vKn8CtMNppJLpb8h/qGXdogTkQ7FLiDkt8aHPp7Mk6KhvQ+zgVIodIunj3ft+Fkv
|
||||||
|
fytb/VFVwekw3c2MqmKtfngCtCuA9PFPdXQrPq+0p02tzpLj/aNnJHrrIKQfySiD
|
||||||
|
6n266HB0gO4XlVPS9kC0UjbVqMqP0Y2zaUt6IJPO6dflMqXAwHqLMByYTOOvjQAj
|
||||||
|
CpjFme+PoJGpwnU67qvYtHfNeWznC5Xg0pBXeDpHd9S/zD2LJdujI5v0MVOVaxps
|
||||||
|
nkA+pPg9u1Mxxeyh3poUcjR2tK2suA4jszuo5EG2pysRGA9HlkQdREfVyqha99pL
|
||||||
|
4gTc3H7tcStOql1kudYOdQBmDnAr89vnJ3sxYQwV8tNNzssxd93oIF71ZqR31tlk
|
||||||
|
Lwl2RHKRml30tQucBDZhKowcy5PDdLKHohW3f9ldE02p7ykr9z08efYDUDtRRyST
|
||||||
|
lZdUSHQT48UvHsrxkjjLJcSESkNsFS0Aoda+/I4pPzcu0l7Lx1Mp9mrx0sfk3ICj
|
||||||
|
vP9eImtmYbeUF8pTpAehLbAsk9p9PjqGiKVq3AIVzVJ1rKMmYddr+qHHp0dNsdNJ
|
||||||
|
Vg4cLUISh7ZCRhr3JEs3Ldmt7pPcHjlE6fTjXDLojnc3CQdiNOkGgrXciIb0pkji
|
||||||
|
5b4UMiAqfdrC5E1/QFBiuEp4VhX20kdVQmEMyfyvhfJX3tMfjKCTanehgYAsl7Fm
|
||||||
|
17hyZ3DLPFhNtcZWLuBOsKr3fQxpBevbHDxn2rzN5vKAq7QbKN0mEvA5xgq0PU8W
|
||||||
|
UipW5ZkKnc8LWkkzhc4aAU6qtvVddqwZgSxAcdmum+0YM71Fw8+PWmrMaTe8myrz
|
||||||
|
v1JPtjVvj4mFeHNDmid6m3COqOpUpKLJTqTvR3d/7jpIEW3lTTOCzwtSP1csENXO
|
||||||
|
s5nq8xvZBmmXXV8CyolEKqTe3dqOeddLLZTTicXi15eZX3ZxlhY8HQmx3Ybffn7y
|
||||||
|
iKkhjgSIm7tWWR5lxd/dpeoEM/+tvcZ0KJqFsbPv9jmZPl4/PfBf7O185K7KCY9L
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
ca_passphrase: seCuREpaSsphRasE
|
||||||
|
|
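Review bot: the new defaults commit a complete CA certificate, its encrypted `ca_key` and `ca_passphrase: seCuREpaSsphRasE` in clear text, directly under the comment saying these variables have to be stored in a vault. If these values are usable as they stand, any deployment that does not override them trusts a CA whose private key and passphrase are public. Ship empty defaults or obviously fake placeholders, and have the role fail when `ca_key` or `ca_passphrase` is unset. The hunk also renames `ca_public`/`ca_private` to `ca_cert`/`ca_key` with no note for existing users, and the comment should read "These variables have to be stored in a vault."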