Explain how to generate a CA
parent cb7dc99f5b
commit eaacbca6dc
2 changed files with 139 additions and 3 deletions
47
README.md
|
@ -8,4 +8,51 @@ The Public Certificate of the CA and its Private Key are ansible variables. Make
|
|||
|
||||
## Generate a CA
|
||||
|
||||
### Generate a key
|
||||
|
||||
```
|
||||
openssl genrsa -out ca.key -aes256 4096
|
||||
```
|
||||
|
||||
It will ask a passphrase. Put the passphrase in a vault as `ca_passphrase`.
|
||||
|
||||
Then, put the content of `ca.key` in the vaul:
|
||||
|
||||
```
|
||||
ca_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,EABBE7D2AC7D31F05392F733E9F9B031
|
||||
|
||||
vbKyyhou4oJIZEXL1U4ESbUJ/r5Im9lZNatJwZISOnD3E//+Vf3QaIb+sQ2xNym9
|
||||
...
|
||||
iKkhjgSIm7tWWR5lxd/dpeoEM/+tvcZ0KJqFsbPv9jmZPl4/PfBf7O185K7KCY9L
|
||||
-----END RSA PRIVATE KEY-----
|
||||
```
|
||||
|
||||
### Generate the certificate
|
||||
|
||||
```
|
||||
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
|
||||
```
|
||||
|
||||
You can replace `3650` by the validity periode you want for your certificate.
|
||||
|
||||
You will be ask questions for the content of the certificate, answer adequately.
|
||||
|
||||
Then, put the content of `ca.pem` in the variables as `ca_cert`:
|
||||
|
||||
```
|
||||
ca_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF7TCCA9WgAwIBAgIURKS2ggzKV0XKM6IdSqPjDvsr9AowDQYJKoZIhvcNAQEL
|
||||
...
|
||||
YRj4p9wG46WoMCvnNxdgL2/MQfp+Y8rinDEk1BG1Zb8g
|
||||
-----END CERTIFICATE-----
|
||||
```
|
||||
|
||||
Then, don't forget to remode the file `ca.key`.
|
||||
|
||||
|
||||
|
||||
## How does it works ?
|
||||
|
|
|
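Review bot: The storage steps in "Generate a key" and "Generate the certificate" never say how or where the values are stored: the passphrase goes "in a vault", the key "in the vaul", and the certificate "in the variables", with no file name or command. Name the variables file and the vault step explicitly (for example `ansible-vault encrypt` on the file, or `ansible-vault encrypt_string` per value), and state that `ca_key` and `ca_passphrase` must never appear in an unencrypted file. The sample `ca_key` block quotes the same `DEK-Info` line and the same first and last base64 lines as the key added in the second file of this commit; use an obvious placeholder instead of real key material. The last step should recommend overwriting the key file (for example `shred -u ca.key`) rather than a plain delete, and should mention clearing it from backups or shell working copies. Typos to fix in the added lines: "vaul", "periode", "You will be ask", "remode", and the heading "How does it works ?".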
@ -1,4 +1,93 @@
|
|||
---
|
||||
ca_public:
|
||||
# This variable HAS to be storred in a vault.
|
||||
ca_private:
|
||||
ca_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF7TCCA9WgAwIBAgIURKS2ggzKV0XKM6IdSqPjDvsr9AowDQYJKoZIhvcNAQEL
|
||||
BQAwgYUxCzAJBgNVBAYTAkVYMRAwDgYDVQQIDAdleGFtcGxlMRAwDgYDVQQHDAdl
|
||||
eGFtcGxlMRowGAYDVQQKDBFBbnNpYmxlIEhhY2t5IFBLSTEaMBgGA1UECwwRQW5z
|
||||
aWJsZSBIYWNreSBQS0kxGjAYBgNVBAMMEWFuc2lsYmUtaGFja3ktcGtpMB4XDTIx
|
||||
MDkwODE1NDQ0MVoXDTMxMDkwNjE1NDQ0MVowgYUxCzAJBgNVBAYTAkVYMRAwDgYD
|
||||
VQQIDAdleGFtcGxlMRAwDgYDVQQHDAdleGFtcGxlMRowGAYDVQQKDBFBbnNpYmxl
|
||||
IEhhY2t5IFBLSTEaMBgGA1UECwwRQW5zaWJsZSBIYWNreSBQS0kxGjAYBgNVBAMM
|
||||
EWFuc2lsYmUtaGFja3ktcGtpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
|
||||
AgEA2htZI/32cf2VJlzAkzEEBlaEul7l+pl5rM/i+sYr/1i0m6L1g0qQjAwnxw5g
|
||||
6PeiIxd8i9Ea12DyhmXfKVZBqZy8t6kqw97qbXe1duUuadwkb5OWGZvb/z5UbkuY
|
||||
Q+EeqTfFdTkhNzB4Z6AfGW4C856tdEUYE1SfzLIQC77kXwJ4DJ4PrDaf5PeX8gMr
|
||||
do2JL12Ns+SV75cJ/IiOaSwDPQLkvqwYqgCN7m3eYXFMs7vZLvvttBN3sQjnpCCF
|
||||
IW62mW1CjnBwfbktjDRuLFve2h3rSvYFbd2KPsjpvhhB6xer1MJSBzHgxU+tIXXb
|
||||
bOCsU/0hH5L9zLH4O5ncmfLeYovzDuAvYfxAQ+Mq/9x7cnrx0KOAA9BLMZzSz52d
|
||||
h2eqHVIqmKrJAcyAdSZtBd7WJEZfcL3m7Dipe/byqLV7e1YhVlbavlZk+1rMDVBh
|
||||
lbiP0KIfC5qTznmGuNZrkd3qavJPA7H9WCx16QdIeg9ZPqxKp3rHtcBfd9O8yVLj
|
||||
Kho0jUw4gXjzUNZACnoip6k3GBsbz+Ennb2ZinKr0ov/wbWWGTpW4zxrptxL/5Yz
|
||||
IFmFN2N1e7URg5iD1kS3A209jx38cPx3kTMZVuiuEwy3PBlfVJBd2FCc3g0sQh8g
|
||||
IMhhC2J1EIz++gRx0zBPELJkbYSAVqBTxelEDQnP9syTjOECAwEAAaNTMFEwHQYD
|
||||
VR0OBBYEFDQH2VvvQolBnW06yMTfTmrtUOhRMB8GA1UdIwQYMBaAFDQH2VvvQolB
|
||||
nW06yMTfTmrtUOhRMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
|
||||
AJWK/icvN3aq8dm03I07393+o2olxJBJ9+1rugpz7HlpNhh4o3kuPKtn0FtVaKRN
|
||||
LfmqI8FC2iunakfln4ew2gmt15hUnaT5QlMPz4Wp9Bs1jSdizpalttJ57kb6Rtkq
|
||||
zgJshPjTwd0EsTI919Mu+m5jnE01bFuKa/mIZHuhS7YQE0VPjW1twfb0jE2Gxpn/
|
||||
aSVvT06zC9OAHsC8Ebc6+uIiQATkWMxT5sLrdddhpAg53fQckx4H+XLI5SwtZ2Md
|
||||
tFxu55drDwFY2AVKyPKc+LQ7FnEDrlMVpd5FeUXb/bGOIcv1ZNh0fD2jMXa3C+/q
|
||||
vQCKt2phTSOx/WsOHM0YfqIZef8Zcpt5TZSdHTKfxtLNItEHCHnFo7Zggx3RjZdr
|
||||
1yz+LdpmKfMZ8p6XRaRAH42kUwuSJkMr1/UGAc3Phund8ySM7lwpnqyE6tPGkNYX
|
||||
xhUaAV0/fAbeVxRcgpbMOqAAhEdFFPySSipNgEzo1OUQfB7bIJuoZP5v44vna2fi
|
||||
+q7vv/7miOJemb14ILp0kWvlOOFOnYnIn9F8lTVQosq1fzmxMcLsLiA5QV4ucvgk
|
||||
UJnwkzvSx1cIg9o50RL81YyqAG5zFT3SoZIaHxrNM45FJVUBCRocgV+B48L2sRlE
|
||||
YRj4p9wG46WoMCvnNxdgL2/MQfp+Y8rinDEk1BG1Zb8g
|
||||
-----END CERTIFICATE-----
|
||||
# This variables HAVE to be storred in a vault.
|
||||
ca_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,EABBE7D2AC7D31F05392F733E9F9B031
|
||||
|
||||
vbKyyhou4oJIZEXL1U4ESbUJ/r5Im9lZNatJwZISOnD3E//+Vf3QaIb+sQ2xNym9
|
||||
zbAPtLW5KCrmda8rf93NVRMC4sOr4+NVIxL3YUc49N3ziu82qETXxOUU1doXk+1k
|
||||
U+h+LPU0jcVeqExcY5RZVHibC63T+3i50DmPH//WeaiXPrvzuJ5aNjGP6Ku7Odlo
|
||||
SLWZOG1kLYL6y4iM6A2s15IA+8J/itSDACW4yp1cnLD96nkxU0L/vKQ+PEV9cuMi
|
||||
1UeLbUfAKMhQNJyaIOAB7OwJ+tDQQFsUIbqv0FKWlNYCanjqvRHjzyEj1jgTyBwH
|
||||
t9KWHljJk5459ko9wbcdRwXisoTNuUMboEFqeJSPJAPpv0HN+kE4rlgaKXOKemtv
|
||||
mQBuxm78BiUzdn9oWDBoRmSs6NP1YtZbAbdJ5HWdQtNy+zIMt3UT4gsVHBYijilJ
|
||||
+YDeNMXsE9w735Hg4zx6AtDjfMlGAZrnUj7TWBDhRI81wtfZAgkPzFNo6dweQGwJ
|
||||
dfSfU6kRyqhtO8jip/BzE0pxuqSZM7UwxZC4TwALTES2QHLvQj3r2yXwft5BoRry
|
||||
Np5DtiMUqUafCuzlZJ1Uql7fgqWlfe0sL9FNnDo+6gBgIMu1oY+rfr5O7Q5ssFko
|
||||
01qTZjZtIaRs24RQnACpobXOMUxaqKdYjZ9/iknqyvVZKgolJUTjBXEoP+KxkDB5
|
||||
QaTjEPm/V/cLhmw1PpuHC7GbZAa+sCnlGfOfxenUqnlH+8g+BcqTP3H7sc8KvCNP
|
||||
y/T0LurNZYu/BObIyvJlqfP8SVgt7jDBfVUFm5dQgNgOD2UdDyUJFW02dXIqQODg
|
||||
7GCIo0S9/5USDBhYmKyOA/WplxQuSWCzK/KS8O3FcegHRya3Ye6MHi5Ovsb+xvPh
|
||||
dJWUjIkfQW75biVI42Vp3zpW6rVljzKx0WcGb2gCAWVVd6jP6m/bXPZpMRIGXdxh
|
||||
e9r653PgC4E87vy6gyq8lx7OwXikvhePfPuNPshX0otTFQGuUa7O4Y0oJM447iAV
|
||||
wL/q55pVCgzXZq5h7gxRdrEgQouGTfswYsD+75idkg+qomJ1iwORrPvm5QsWSnfF
|
||||
n+uPSTxtqoXHVzoNzSzCxhSOTH7XHgsQGvgUVaZpUyH052ZN5WP7mHLMMJsva9io
|
||||
6cNhpCtOxGaG2YoffvTt8SvSZ0qpxoUUiGOBYLNl98K4ViEzV/E6KWt83iBdTTGT
|
||||
VL19wnGkqpG98Zuw9F43bSjZAS08hnpflhy2xuUeQxuPk+ewvRjDR/u/WYll/h2J
|
||||
3ylvLzRKeWsYsAfiX8U9rwQsmDo5zqR/8hiIMivUC4QW/Y9hYGDNYlPrujthNVpc
|
||||
pcEvLuO8ZRSpw4d/gS1junKa5J8H0rEVIRQKGr10xlZOrj9/+8Jl2PePV7e9/IWv
|
||||
9rQwI3gr9/rE8TSwYbeIfWizVFKZRqetEDhUFVwKZRwuV+70igoutTNF5qqq8A2G
|
||||
5ShSnHQqLbs/OWaM8cAPFOepVQ2JbzlVPTAa29zTAt+5z2n0zAGMaNPf404h4EqG
|
||||
6E3HBCRbJjefdbW/UQJp+kPQhOIh/mQKsxavBgE0v66fugKSD9dZcyY9ZeT5iUZL
|
||||
TtG4p7Y6+0Wzk9C3zla45iTuvok7ayhHEEBAnRmoBMJGvvbiYG7KsgKzeeBUsExA
|
||||
gEWFGVmCymkZ8wogTYF0KI6cpRQgOVgKnDFoSF6+YHFm/xdwJGP2y7shwRrFfPjQ
|
||||
SJyWrdM5QiaDjDD5GN8eccIINRiRiLKnxA6fpUeV5VIPmcxTIgcldTicrtp2WJY/
|
||||
zX/qrCuEjRfJ4icDOxvyqJMglMuB5WV43hjzPIZSYGpk+G9g2WLep8kRroC24IuH
|
||||
4qRFfiJIKTCCc+JcanhlV3u6vHdmxYdEHXV6UO7297PiZ7dWp1uO9/9cM8KcaYl1
|
||||
KDjpcx2Rt8MmeS/7U6deXUyEpKJqhE6ee8wC0CEFZkD64BH9w4jKn0CcBMhmGY8+
|
||||
ZLKw8jZb6ixuWi3zfpLdGHupQW2fyi8aaPQRvmrRw83HUksIGesDFC7eVaU9qtsb
|
||||
ZQvFM+9kkWyfT2P8rjTz0fcBXp7oO9v2u3sYUnhYJkhumxdcGlz5StZV/i+6LB0S
|
||||
vKn8CtMNppJLpb8h/qGXdogTkQ7FLiDkt8aHPp7Mk6KhvQ+zgVIodIunj3ft+Fkv
|
||||
fytb/VFVwekw3c2MqmKtfngCtCuA9PFPdXQrPq+0p02tzpLj/aNnJHrrIKQfySiD
|
||||
6n266HB0gO4XlVPS9kC0UjbVqMqP0Y2zaUt6IJPO6dflMqXAwHqLMByYTOOvjQAj
|
||||
CpjFme+PoJGpwnU67qvYtHfNeWznC5Xg0pBXeDpHd9S/zD2LJdujI5v0MVOVaxps
|
||||
nkA+pPg9u1Mxxeyh3poUcjR2tK2suA4jszuo5EG2pysRGA9HlkQdREfVyqha99pL
|
||||
4gTc3H7tcStOql1kudYOdQBmDnAr89vnJ3sxYQwV8tNNzssxd93oIF71ZqR31tlk
|
||||
Lwl2RHKRml30tQucBDZhKowcy5PDdLKHohW3f9ldE02p7ykr9z08efYDUDtRRyST
|
||||
lZdUSHQT48UvHsrxkjjLJcSESkNsFS0Aoda+/I4pPzcu0l7Lx1Mp9mrx0sfk3ICj
|
||||
vP9eImtmYbeUF8pTpAehLbAsk9p9PjqGiKVq3AIVzVJ1rKMmYddr+qHHp0dNsdNJ
|
||||
Vg4cLUISh7ZCRhr3JEs3Ldmt7pPcHjlE6fTjXDLojnc3CQdiNOkGgrXciIb0pkji
|
||||
5b4UMiAqfdrC5E1/QFBiuEp4VhX20kdVQmEMyfyvhfJX3tMfjKCTanehgYAsl7Fm
|
||||
17hyZ3DLPFhNtcZWLuBOsKr3fQxpBevbHDxn2rzN5vKAq7QbKN0mEvA5xgq0PU8W
|
||||
UipW5ZkKnc8LWkkzhc4aAU6qtvVddqwZgSxAcdmum+0YM71Fw8+PWmrMaTe8myrz
|
||||
v1JPtjVvj4mFeHNDmid6m3COqOpUpKLJTqTvR3d/7jpIEW3lTTOCzwtSP1csENXO
|
||||
s5nq8xvZBmmXXV8CyolEKqTe3dqOeddLLZTTicXi15eZX3ZxlhY8HQmx3Ybffn7y
|
||||
iKkhjgSIm7tWWR5lxd/dpeoEM/+tvcZ0KJqFsbPv9jmZPl4/PfBf7O185K7KCY9L
|
||||
-----END RSA PRIVATE KEY-----
|
||||
ca_passphrase: seCuREpaSsphRasE
|
||||
|
|
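Review bot: `ca_passphrase: seCuREpaSsphRasE` is committed in clear text directly below the encrypted `ca_key` block, so the passphrase protection on that key is void and anyone with access to the repository can sign certificates as this CA. The comment "This variables HAVE to be storred in a vault" is contradicted by the file itself, and any deployment that does not override these three values ends up trusting a CA whose private key is known to everyone. Suggest leaving `ca_cert`, `ca_key` and `ca_passphrase` empty here, as `ca_public:` and `ca_private:` at the top of the hunk are, and having the role fail early when they are unset; if sample values are wanted, keep them in a clearly named example file that the role never loads. Since this key and passphrase are now in history, treat the pair as compromised and do not reuse them anywhere. The rename from `ca_public` / `ca_private` to the new variable names also breaks existing inventories and deserves a line in the README. Minor: "storred" should be "stored" and "This variables HAVE" should be "These variables HAVE".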