group_vars Explain how to generate a CA 2021-09-08 17:49:25 +02:00
roles/generate-cert/tasks create the directory structure 2021-09-08 15:59:32 +02:00
ansible.cfg create the directory structure 2021-09-08 15:59:32 +02:00
example.yml create the directory structure 2021-09-08 15:59:32 +02:00
hosts create the directory structure 2021-09-08 15:59:32 +02:00
LICENSE create the directory structure 2021-09-08 15:59:32 +02:00
README.md Explain how to generate a CA 2021-09-08 17:49:25 +02:00

Ansible Hacky PKI

Ansible Hacky PKI is an Ansible role that generates certificates signed by a given CA.

The public certificate of the CA and its private key are Ansible variables. Make sure to store the private key in a Vault, and do not reuse the CA used in the example.

Dependencies

Generate a CA

Generate a key

openssl genrsa -out ca.key -aes256 4096

It will ask for a passphrase. Put the passphrase in a vault as ca_passphrase.

Then, put the content of ca.key in the vault:

ca_key: |
  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: AES-256-CBC,EABBE7D2AC7D31F05392F733E9F9B031

  vbKyyhou4oJIZEXL1U4ESbUJ/r5Im9lZNatJwZISOnD3E//+Vf3QaIb+sQ2xNym9
  ...
  iKkhjgSIm7tWWR5lxd/dpeoEM/+tvcZ0KJqFsbPv9jmZPl4/PfBf7O185K7KCY9L
  -----END RSA PRIVATE KEY-----

Generate the certificate

openssl req -new -x509 -days 3650 -key ca.key -out ca.pem

You can replace 3650 with the validity period (in days) you want for your certificate.

You will be asked questions about the content of the certificate; answer adequately.

Then, put the content of ca.pem in the variables as ca_cert:

ca_cert: |
  -----BEGIN CERTIFICATE-----
  MIIF7TCCA9WgAwIBAgIURKS2ggzKV0XKM6IdSqPjDvsr9AowDQYJKoZIhvcNAQEL
  ...
  YRj4p9wG46WoMCvnNxdgL2/MQfp+Y8rinDEk1BG1Zb8g
  -----END CERTIFICATE-----

Then, don't forget to remove the file ca.key.
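The two storage requirements above (a passphrase on ca.key, and ca_key / ca_passphrase kept in a vault) can be checked before anything is committed. The script below is an added example, not part of this role; the script name and file paths are assumptions, and only the variable names come from this README.

```shell
#!/bin/sh
# Added example: pre-commit checks for the CA material described above.
# ca_key / ca_passphrase are the README's variable names; paths are assumptions.

# Return 0 if the PEM private key in $1 is passphrase-protected.
# Accepts the traditional form shown above (Proc-Type: 4,ENCRYPTED) and
# the PKCS#8 form (BEGIN ENCRYPTED PRIVATE KEY) that OpenSSL 3 writes by default.
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Return 0 if the vars file $1 can be committed without exposing CA secrets.
vars_file_is_safe() {
    # Whole-file vault: the first line is the ansible-vault header.
    if head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'; then
        return 0
    fi
    # Plaintext YAML: any PEM private key block is a finding, even a
    # passphrase-protected one, since the key belongs in the vault.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        return 1
    fi
    # ca_passphrase may only appear as an inline "!vault" value.
    if grep -E '^[[:space:]]*ca_passphrase:' "$1" | grep -qv '!vault'; then
        return 1
    fi
    return 0
}

# Usage: sh check-ca.sh ca.key group_vars/all.yml
if [ "$#" -eq 2 ]; then
    key_is_encrypted "$1" || { echo "FAIL: $1 has no passphrase"; exit 1; }
    vars_file_is_safe "$2" || { echo "FAIL: $2 exposes CA secrets"; exit 1; }
    echo "OK"
fi
```

Run it before deleting ca.key; ca_cert is public and is deliberately not flagged when it appears in plaintext.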

How does it work?