volker.raschek/ansible-role-certificate-authority
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Initial Commit
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 11s
Details
Ansible Linter / ansible-lint (push) Failing after 49s
Details

Browse Source
This commit is contained in:
Markus Pesch
2025-07-30 22:09:38 +02:00
commit a0ea59c528
27 changed files with 2808 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
tasks/intermediate_certificate_authority_protected.yaml Normal file
View File

@ -0,0 +1,44 @@
---
- name: Create private key for intermediate CA
community.crypto.openssl_privatekey:
passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
type: "{{ certificate_authority_intermediate_ca_tls_key_type }}"
- name: Create a certificate signing request (CSR) for intermediate CA
community.crypto.openssl_csr:
basic_constraints:
- "CA:TRUE"
common_name: "{{ certificate_authority_intermediate_ca_common_name }}"
path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
use_common_name_for_san: false
- name: Create signed client certificate - unprotected root Certificate Authority (CA)
community.crypto.x509_certificate:
csr_path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
ownca_not_after: "{{ certificate_authority_intermediate_ca_not_after }}"
ownca_not_before: "{{ certificate_authority_intermediate_ca_not_before }}"
ownca_path: "{{ certificate_authority_root_ca_path }}/cert.pem"
ownca_privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem"
privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
provider: ownca
when: certificate_authority_root_ca_tls_key_passphrase is defined and
certificate_authority_root_ca_tls_key_passphrase | length <= 0
- name: Create signed client certificate - passphrase protected root Certificate Authority (CA)
community.crypto.x509_certificate:
csr_path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
ownca_not_after: "{{ certificate_authority_intermediate_ca_not_after }}"
ownca_not_before: "{{ certificate_authority_intermediate_ca_not_before }}"
ownca_path: "{{ certificate_authority_root_ca_path }}/cert.pem"
ownca_privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
ownca_privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem"
privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
provider: ownca
when: certificate_authority_root_ca_tls_key_passphrase is defined and
certificate_authority_root_ca_tls_key_passphrase | length > 0