---
# create a CA to create SSL certs just for transport encryption
#
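# Directory that holds the self-signed CA material; the tasks in this file
# write both the CA private key and the CA certificate below it.
# NOTE(review): "0755" lets every local account list and traverse this
# directory. The key is stored passphrase-encrypted, but if only root needs
# the CA files, "0700" would be the least-privilege choice. Confirm that no
# other account reads the CA certificate from here before tightening.
- name: "Ensure directory for selfsigned CA"
  # Fully qualified module name, matching the community.crypto.* tasks in
  # this file.
  ansible.builtin.file:
    path: "{{ selfsigned_ca_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
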
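# Generate the CA private key and store it encrypted with the passphrase from
# selfsigned_ca_private_key_passphrase. That variable should be supplied from
# an encrypted source (for example Ansible Vault), not from plaintext vars.
- name: "Create private key with password protection"
  community.crypto.openssl_privatekey:
    path: "{{ selfsigned_ca_dir }}/ca-certificate.key"
    passphrase: "{{ selfsigned_ca_private_key_passphrase }}"
    # "auto" leaves the choice of encryption cipher to the module.
    cipher: auto
    # Owner-only access to the key file, stated explicitly so the permission
    # is visible in review and does not depend on a module default.
    mode: "0600"
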
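# Build the CSR for the CA certificate. No output path is given; the CSR is
# taken from the registered result (ca_csr) by the certificate task.
- name: "Create certificate signing request (CSR) for CA certificate"
  community.crypto.openssl_csr_pipe:
    privatekey_path: "{{ selfsigned_ca_dir }}/ca-certificate.key"
    privatekey_passphrase: "{{ selfsigned_ca_private_key_passphrase }}"
    common_name: "SMARDIGO Ansible CA {{ stage }}"
    # No subject alternative names are set here, so do not copy the CN into one.
    use_common_name_for_san: false
    # Mark the certificate as a CA. The extension is critical, so a verifier
    # that does not understand it must reject the certificate.
    # NOTE(review): no path length limit is set. If this CA only ever signs
    # leaf certificates, adding "pathlen:0" would prevent it from delegating
    # to subordinate CAs. Confirm the intended hierarchy first.
    basic_constraints:
      - "CA:TRUE"
    # Canonical boolean, consistent with the other flags in this task.
    basic_constraints_critical: true
    # Certificate signing is the only key usage granted to the CA key.
    key_usage:
      - keyCertSign
    key_usage_critical: true
  register: ca_csr
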
# Self-sign the registered CSR with the CA's own key and write the resulting
# CA certificate next to the key.
# NOTE(review): no validity period is set here, so the module's default
# lifetime applies. Confirm it matches the intended CA rotation policy.
- name: "Create self-signed CA certificate from CSR"
  community.crypto.x509_certificate:
    provider: selfsigned
    # CSR content comes from the registered ca_csr result, not from a file.
    csr_content: "{{ ca_csr.csr }}"
    privatekey_path: "{{ selfsigned_ca_dir }}/ca-certificate.key"
    privatekey_passphrase: "{{ selfsigned_ca_private_key_passphrase }}"
    path: "{{ selfsigned_ca_dir }}/ca-certificate.pem"