volker.raschek/ansible-role-certificate-authority
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: support further TLS certification properties
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Failing after 46s
Details

Browse Source
This commit is contained in:
Markus Pesch
2025-07-31 18:46:19 +02:00
parent c3fb49bbd4
commit 1c40b1d59b
8 changed files with 104 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tasks/client_certificate_protected.yaml
View File

@ -10,12 +10,18 @@
- name: Create a certificate signing request (CSR) for client certificate without subject alternative names (SANs)
community.crypto.openssl_csr:
common_name: "{{ certificate_authority_client_common_name }}"
countryName: "{{ certificate_authority_client_country_name }}"
email_address: "{{ certificate_authority_client_email_address }}"
extendedKeyUsage:
- clientAuth
- serverAuth
organization_name: "{{ certificate_authority_client_organization_name }}"
organizational_unit_name: "{{ certificate_authority_client_organizational_unit_name }}"
path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
when: |
certificate_authority_client_subject_alternative_names is not defined or
(certificate_authority_client_subject_alternative_names is defined and
@ -24,12 +30,18 @@
- name: Create a certificate signing request (CSR) for client certificate with subject alternative names (SANs)
community.crypto.openssl_csr:
common_name: "{{ certificate_authority_client_common_name }}"
countryName: "{{ certificate_authority_client_country_name }}"
email_address: "{{ certificate_authority_client_email_address }}"
extendedKeyUsage:
- clientAuth
- serverAuth
organization_name: "{{ certificate_authority_client_organization_name }}"
organizational_unit_name: "{{ certificate_authority_client_organizational_unit_name }}"
path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
when: certificate_authority_client_subject_alternative_names is defined and
certificate_authority_client_subject_alternative_names | length > 0

13
tasks/client_certificate_unprotected.yaml
View File

@ -8,11 +8,18 @@
- name: Create a certificate signing request (CSR) for client certificate without subject alternative names (SANs)
community.crypto.openssl_csr:
common_name: "{{ certificate_authority_client_common_name }}"
countryName: "{{ certificate_authority_client_country_name }}"
email_address: "{{ certificate_authority_client_email_address }}"
extendedKeyUsage:
- clientAuth
- serverAuth
organization_name: "{{ certificate_authority_client_organization_name }}"
organizational_unit_name: "{{ certificate_authority_client_organizational_unit_name }}"
path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
when: |
certificate_authority_client_subject_alternative_names is not defined or
(certificate_authority_client_subject_alternative_names is defined and
@ -21,11 +28,17 @@
- name: Create a certificate signing request (CSR) for client certificate with subject alternative names (SANs)
community.crypto.openssl_csr:
common_name: "{{ certificate_authority_client_common_name }}"
countryName: "{{ certificate_authority_client_country_name }}"
email_address: "{{ certificate_authority_client_email_address }}"
extendedKeyUsage:
- clientAuth
- serverAuth
organization_name: "{{ certificate_authority_client_organization_name }}"
organizational_unit_name: "{{ certificate_authority_client_organizational_unit_name }}"
path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
when: certificate_authority_client_subject_alternative_names is defined and
certificate_authority_client_subject_alternative_names | length > 0

6
tasks/intermediate_certificate_authority_protected.yaml
View File

@ -12,9 +12,15 @@
basic_constraints:
- "CA:TRUE"
common_name: "{{ certificate_authority_intermediate_ca_common_name }}"
countryName: "{{ certificate_authority_intermediate_ca_country_name }}"
email_address: "{{ certificate_authority_intermediate_ca_email_address }}"
organization_name: "{{ certificate_authority_intermediate_ca_organization_name }}"
organizational_unit_name: "{{ certificate_authority_intermediate_ca_organizational_unit_name }}"
path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}"
state: "{{ certificate_authority_intermediate_ca_state }}"
use_common_name_for_san: false
- name: Create signed client certificate - unprotected root Certificate Authority (CA)

6
tasks/intermediate_certificate_authority_unprotected.yaml
View File

@ -10,8 +10,14 @@
basic_constraints:
- "CA:TRUE"
common_name: "{{ certificate_authority_intermediate_ca_common_name }}"
countryName: "{{ certificate_authority_intermediate_ca_country_name }}"
email_address: "{{ certificate_authority_intermediate_ca_email_address }}"
organization_name: "{{ certificate_authority_intermediate_ca_organization_name }}"
organizational_unit_name: "{{ certificate_authority_intermediate_ca_organizational_unit_name }}"
path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}"
state: "{{ certificate_authority_intermediate_ca_state }}"
use_common_name_for_san: false
- name: Create signed client certificate - unprotected root Certificate Authority (CA)

8
tasks/root_certificate_authority_protected.yaml
View File

@ -12,9 +12,15 @@
basic_constraints:
- "CA:TRUE"
common_name: "{{ certificate_authority_root_ca_common_name }}"
countryName: "{{ certificate_authority_root_ca_country_name }}"
email_address: "{{ certificate_authority_root_ca_email_address }}"
organization_name: "{{ certificate_authority_root_ca_organization_name }}"
organizational_unit_name: "{{ certificate_authority_root_ca_organizational_unit_name }}"
path: "{{ certificate_authority_root_ca_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
state: "{{ certificate_authority_root_ca_state }}"
use_common_name_for_san: false
- name: Create self-signed certificate for root CA

6
tasks/root_certificate_authority_unprotected.yaml
View File

@ -10,8 +10,14 @@
basic_constraints:
- "CA:TRUE"
common_name: "{{ certificate_authority_root_ca_common_name }}"
countryName: "{{ certificate_authority_root_ca_country_name }}"
email_address: "{{ certificate_authority_root_ca_email_address }}"
organization_name: "{{ certificate_authority_root_ca_organization_name }}"
organizational_unit_name: "{{ certificate_authority_root_ca_organizational_unit_name }}"
path: "{{ certificate_authority_root_ca_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
state: "{{ certificate_authority_root_ca_state }}"
use_common_name_for_san: false
- name: Create self-signed certificate for root CA