2 Commits

Author SHA1 Message Date
9267a743e7 docs(README): update documentation
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 10s
Ansible Linter / ansible-lint (push) Failing after 59s
2025-07-31 19:12:06 +02:00
ef2c31e64e fix: remove state
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 11s
Ansible Linter / ansible-lint (push) Failing after 41s
2025-07-31 19:08:10 +02:00
8 changed files with 6 additions and 23 deletions

View File

@ -28,12 +28,11 @@ certificate_authority_client_subject_alternative_names:
| `certificate_authority_root_ca_import` | Import the TLS certificate of the root certificate authority into the systems trust store. | `true` | | `certificate_authority_root_ca_import` | Import the TLS certificate of the root certificate authority into the systems trust store. | `true` |
| `certificate_authority_root_ca_path` | Directory where the private and public TLS key of the root certificate authority should be stored. | `/etc/ansible-playbook/pki/ca` | | `certificate_authority_root_ca_path` | Directory where the private and public TLS key of the root certificate authority should be stored. | `/etc/ansible-playbook/pki/ca` |
| `certificate_authority_root_ca_common_name` | Common Name (CN) of the root certificate authority. | `Ansible Root CA` | | `certificate_authority_root_ca_common_name` | Common Name (CN) of the root certificate authority. | `Ansible Root CA` |
| `certificate_authority_root_ca_country_name` | Common Name (CN) of the root certificate authority. | `""` | | `certificate_authority_root_ca_country_name` | Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`. | `""` |
| `certificate_authority_root_ca_email_address` | E-Mail Address of the root certificate authority owner. | `""` | | `certificate_authority_root_ca_email_address` | E-Mail Address of the root certificate authority owner. | `""` |
| `certificate_authority_root_ca_organization_name` | Organization name of the root certificate authority owner. | `""` | | `certificate_authority_root_ca_organization_name` | Organization name of the root certificate authority owner. | `""` |
| `certificate_authority_root_ca_organizational_unit_name` | Organizational unit name of the root certificate authority. | `""` | | `certificate_authority_root_ca_organizational_unit_name` | Organizational unit name of the root certificate authority. | `""` |
| `certificate_authority_root_ca_state_or_province_name` | State or province name where the owner of the root certificate authority is located. | `""` | | `certificate_authority_root_ca_state_or_province_name` | State or province name where the owner of the root certificate authority is located. | `""` |
| `certificate_authority_root_ca_state` | State where the owner of the root certificate authority is located | `""` |
| `certificate_authority_root_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the root certificate authority. | `[]` | | `certificate_authority_root_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the root certificate authority. | `[]` |
| `certificate_authority_root_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+3650d` | | `certificate_authority_root_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+3650d` |
| `certificate_authority_root_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` | | `certificate_authority_root_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
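
Review bot: On the `certificate_authority_root_ca_country_name` row the description still begins "Common Name (CN) of the root certificate authority." and now continues with country examples, so the row contradicts itself. Change it to "Country name of the root certificate authority.", matching the intermediate CA row, and keep the `US`, `FR`, `DE` examples.
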
@ -50,12 +49,11 @@ certificate_authority_client_subject_alternative_names:
| `certificate_authority_intermediate_ca_create` | Create intermediate certificate from scratch or import via `certificate_authority_intermediate_ca_tls` prefixed variables. | `true` | | `certificate_authority_intermediate_ca_create` | Create intermediate certificate from scratch or import via `certificate_authority_intermediate_ca_tls` prefixed variables. | `true` |
| `certificate_authority_intermediate_ca_path` | Directory where the private and public TLS key of the intermediate certificate authority should be stored. | `/etc/ansible-playbook/pki/intermediate` | | `certificate_authority_intermediate_ca_path` | Directory where the private and public TLS key of the intermediate certificate authority should be stored. | `/etc/ansible-playbook/pki/intermediate` |
| `certificate_authority_intermediate_ca_common_name` | Common Name (CN) of the intermediate certificate authority. | `Ansible Intermediate CA` | | `certificate_authority_intermediate_ca_common_name` | Common Name (CN) of the intermediate certificate authority. | `Ansible Intermediate CA` |
| `certificate_authority_intermediate_ca_country_name` | Country name of the intermediate certificate authority. | `""` | | `certificate_authority_intermediate_ca_country_name` | Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`. | `""` |
| `certificate_authority_intermediate_ca_email_address` | E-Mail Address of the intermediate certificate authority owner. | `""` | | `certificate_authority_intermediate_ca_email_address` | E-Mail Address of the intermediate certificate authority owner. | `""` |
| `certificate_authority_intermediate_ca_organization_name` | Organization name of the intermediate certificate authority owner. | `""` | | `certificate_authority_intermediate_ca_organization_name` | Organization name of the intermediate certificate authority owner. | `""` |
| `certificate_authority_intermediate_ca_organizational_unit_name` | Organizational unit name of the intermediate certificate authority. | `""` | | `certificate_authority_intermediate_ca_organizational_unit_name` | Organizational unit name of the intermediate certificate authority. | `""` |
| `certificate_authority_intermediate_ca_state_or_province_name` | State or province name where the owner of the intermediate certificate authority is located. | `""` | | `certificate_authority_intermediate_ca_state_or_province_name` | State or province name where the owner of the intermediate certificate authority is located. | `""` |
| `certificate_authority_intermediate_ca_state` | State where the owner of the intermediate certificate authority is located. | `""` |
| `certificate_authority_intermediate_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the intermediate certificate authority. | `[]` | | `certificate_authority_intermediate_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the intermediate certificate authority. | `[]` |
| `certificate_authority_intermediate_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+1825d` | | `certificate_authority_intermediate_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+1825d` |
| `certificate_authority_intermediate_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` | | `certificate_authority_intermediate_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
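
Review bot: The new text on the `certificate_authority_intermediate_ca_country_name` row lists `US`, `FR` and `DE` as examples but does not say that the value must be a two-letter ISO 3166-1 country code, which is all an X.509 countryName attribute accepts. State that constraint in the description so nobody enters a full country name.
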
@ -72,12 +70,11 @@ certificate_authority_client_subject_alternative_names:
| `certificate_authority_client_create` | Create client certificate from scratch or import via `certificate_authority_client_tls` prefixed variables. | `true` | | `certificate_authority_client_create` | Create client certificate from scratch or import via `certificate_authority_client_tls` prefixed variables. | `true` |
| `certificate_authority_client_path` | Directory where the private and public TLS key of the client certificate authority should be stored. | `/etc/ansible-playbook/pki/client` | | `certificate_authority_client_path` | Directory where the private and public TLS key of the client certificate authority should be stored. | `/etc/ansible-playbook/pki/client` |
| `certificate_authority_client_common_name` | Common Name (CN) of the client certificate. | `Ansible Client Certificate` | | `certificate_authority_client_common_name` | Common Name (CN) of the client certificate. | `Ansible Client Certificate` |
| `certificate_authority_client_country_name` | Country Name (CN) of the client certificate. | `""` | | `certificate_authority_client_country_name` | Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`. | `""` |
| `certificate_authority_client_email_address` | E-Mail Address of the client certificate owner. | `""` | | `certificate_authority_client_email_address` | E-Mail Address of the client certificate owner. | `""` |
| `certificate_authority_client_organization_name` | Organization name of the client certificate owner. | `""` | | `certificate_authority_client_organization_name` | Organization name of the client certificate owner. | `""` |
| `certificate_authority_client_organizational_unit_name` | Common Name (CN) of the client certificate. | `""` | | `certificate_authority_client_organizational_unit_name` | Common Name (CN) of the client certificate. | `""` |
| `certificate_authority_client_state_or_province_name` | State or province name where the owner of the client certificate is located. | `""` | | `certificate_authority_client_state_or_province_name` | State or province name where the owner of the client certificate is located. | `""` |
| `certificate_authority_client_state` | State where the owner of the client certificate is located. | `""` |
| `certificate_authority_client_subject_alternative_names` | Subject Alternative Names (SAN) of the client certificate. | `[]` | | `certificate_authority_client_subject_alternative_names` | Subject Alternative Names (SAN) of the client certificate. | `[]` |
| `certificate_authority_client_not_after` | Time in the future from now when the TLS certificate should expire | `+397d` | | `certificate_authority_client_not_after` | Time in the future from now when the TLS certificate should expire | `+397d` |
| `certificate_authority_client_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` | | `certificate_authority_client_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
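
Review bot: The `certificate_authority_client_country_name` row abbreviates Country Name as "(CN)", the same abbreviation the row above uses for Common Name; the X.509 short name for country is C. Correct or drop the abbreviation. While this table is being touched, the unchanged `certificate_authority_client_organizational_unit_name` row still reads "Common Name (CN) of the client certificate." and should describe the organizational unit instead.
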

View File

@ -10,12 +10,11 @@ certificate_authority_root_ca_import: true
## @param certificate_authority_root_ca_path Directory where the private and public TLS key of the root certificate authority should be stored. ## @param certificate_authority_root_ca_path Directory where the private and public TLS key of the root certificate authority should be stored.
## @param certificate_authority_root_ca_common_name Common Name (CN) of the root certificate authority. ## @param certificate_authority_root_ca_common_name Common Name (CN) of the root certificate authority.
## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. ## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`.
## @param certificate_authority_root_ca_email_address E-Mail Address of the root certificate authority owner. ## @param certificate_authority_root_ca_email_address E-Mail Address of the root certificate authority owner.
## @param certificate_authority_root_ca_organization_name Organization name of the root certificate authority owner. ## @param certificate_authority_root_ca_organization_name Organization name of the root certificate authority owner.
## @param certificate_authority_root_ca_organizational_unit_name Organizational unit name of the root certificate authority. ## @param certificate_authority_root_ca_organizational_unit_name Organizational unit name of the root certificate authority.
## @param certificate_authority_root_ca_state_or_province_name State or province name where the owner of the root certificate authority is located. ## @param certificate_authority_root_ca_state_or_province_name State or province name where the owner of the root certificate authority is located.
## @param certificate_authority_root_ca_state State where the owner of the root certificate authority is located
## @param certificate_authority_root_ca_subject_alternative_names Subject Alternative Names (SAN) of the root certificate authority. ## @param certificate_authority_root_ca_subject_alternative_names Subject Alternative Names (SAN) of the root certificate authority.
## @param certificate_authority_root_ca_not_after Time in the future from now when the TLS certificate should expire ## @param certificate_authority_root_ca_not_after Time in the future from now when the TLS certificate should expire
## @param certificate_authority_root_ca_not_before Time in the past from now when the TLS certificate should be valid. ## @param certificate_authority_root_ca_not_before Time in the past from now when the TLS certificate should be valid.
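
Review bot: The `## @param certificate_authority_root_ca_country_name` comment keeps the "Common Name (CN) of the root certificate authority." wording and only appends the country examples. Fix the description here as well, so the defaults file and the README table do not both document a country field as a Common Name.
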
@ -26,7 +25,6 @@ certificate_authority_root_ca_email_address: ""
certificate_authority_root_ca_organization_name: "" certificate_authority_root_ca_organization_name: ""
certificate_authority_root_ca_organizational_unit_name: "" certificate_authority_root_ca_organizational_unit_name: ""
certificate_authority_root_ca_state_or_province_name: "" certificate_authority_root_ca_state_or_province_name: ""
certificate_authority_root_ca_state: ""
certificate_authority_root_ca_subject_alternative_names: [] certificate_authority_root_ca_subject_alternative_names: []
certificate_authority_root_ca_not_after: "+3650d" certificate_authority_root_ca_not_after: "+3650d"
certificate_authority_root_ca_not_before: "+0s" certificate_authority_root_ca_not_before: "+0s"
@ -50,12 +48,11 @@ certificate_authority_intermediate_ca_create: true
## @param certificate_authority_intermediate_ca_path Directory where the private and public TLS key of the intermediate certificate authority should be stored. ## @param certificate_authority_intermediate_ca_path Directory where the private and public TLS key of the intermediate certificate authority should be stored.
## @param certificate_authority_intermediate_ca_common_name Common Name (CN) of the intermediate certificate authority. ## @param certificate_authority_intermediate_ca_common_name Common Name (CN) of the intermediate certificate authority.
## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. ## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`.
## @param certificate_authority_intermediate_ca_email_address E-Mail Address of the intermediate certificate authority owner. ## @param certificate_authority_intermediate_ca_email_address E-Mail Address of the intermediate certificate authority owner.
## @param certificate_authority_intermediate_ca_organization_name Organization name of the intermediate certificate authority owner. ## @param certificate_authority_intermediate_ca_organization_name Organization name of the intermediate certificate authority owner.
## @param certificate_authority_intermediate_ca_organizational_unit_name Organizational unit name of the intermediate certificate authority. ## @param certificate_authority_intermediate_ca_organizational_unit_name Organizational unit name of the intermediate certificate authority.
## @param certificate_authority_intermediate_ca_state_or_province_name State or province name where the owner of the intermediate certificate authority is located. ## @param certificate_authority_intermediate_ca_state_or_province_name State or province name where the owner of the intermediate certificate authority is located.
## @param certificate_authority_intermediate_ca_state State where the owner of the intermediate certificate authority is located.
## @param certificate_authority_intermediate_ca_subject_alternative_names Subject Alternative Names (SAN) of the intermediate certificate authority. ## @param certificate_authority_intermediate_ca_subject_alternative_names Subject Alternative Names (SAN) of the intermediate certificate authority.
## @param certificate_authority_intermediate_ca_not_after Time in the future from now when the TLS certificate should expire ## @param certificate_authority_intermediate_ca_not_after Time in the future from now when the TLS certificate should expire
## @param certificate_authority_intermediate_ca_not_before Time in the past from now when the TLS certificate should be valid. ## @param certificate_authority_intermediate_ca_not_before Time in the past from now when the TLS certificate should be valid.
@ -66,7 +63,6 @@ certificate_authority_intermediate_ca_email_address: ""
certificate_authority_intermediate_ca_organization_name: "" certificate_authority_intermediate_ca_organization_name: ""
certificate_authority_intermediate_ca_organizational_unit_name: "" certificate_authority_intermediate_ca_organizational_unit_name: ""
certificate_authority_intermediate_ca_state_or_province_name: "" certificate_authority_intermediate_ca_state_or_province_name: ""
certificate_authority_intermediate_ca_state: ""
certificate_authority_intermediate_ca_subject_alternative_names: [] certificate_authority_intermediate_ca_subject_alternative_names: []
certificate_authority_intermediate_ca_not_after: "+1825d" certificate_authority_intermediate_ca_not_after: "+1825d"
certificate_authority_intermediate_ca_not_before: "+0s" certificate_authority_intermediate_ca_not_before: "+0s"
@ -90,12 +86,11 @@ certificate_authority_client_create: true
## @param certificate_authority_client_path Directory where the private and public TLS key of the client certificate authority should be stored. ## @param certificate_authority_client_path Directory where the private and public TLS key of the client certificate authority should be stored.
## @param certificate_authority_client_common_name Common Name (CN) of the client certificate. ## @param certificate_authority_client_common_name Common Name (CN) of the client certificate.
## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. ## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`.
## @param certificate_authority_client_email_address E-Mail Address of the client certificate owner. ## @param certificate_authority_client_email_address E-Mail Address of the client certificate owner.
## @param certificate_authority_client_organization_name Organization name of the client certificate owner. ## @param certificate_authority_client_organization_name Organization name of the client certificate owner.
## @param certificate_authority_client_organizational_unit_name Common Name (CN) of the client certificate. ## @param certificate_authority_client_organizational_unit_name Common Name (CN) of the client certificate.
## @param certificate_authority_client_state_or_province_name State or province name where the owner of the client certificate is located. ## @param certificate_authority_client_state_or_province_name State or province name where the owner of the client certificate is located.
## @param certificate_authority_client_state State where the owner of the client certificate is located.
## @param certificate_authority_client_subject_alternative_names Subject Alternative Names (SAN) of the client certificate. ## @param certificate_authority_client_subject_alternative_names Subject Alternative Names (SAN) of the client certificate.
## @param certificate_authority_client_not_after Time in the future from now when the TLS certificate should expire ## @param certificate_authority_client_not_after Time in the future from now when the TLS certificate should expire
## @param certificate_authority_client_not_before Time in the past from now when the TLS certificate should be valid. ## @param certificate_authority_client_not_before Time in the past from now when the TLS certificate should be valid.
@ -106,7 +101,6 @@ certificate_authority_client_email_address: ""
certificate_authority_client_organization_name: "" certificate_authority_client_organization_name: ""
certificate_authority_client_organizational_unit_name: "" certificate_authority_client_organizational_unit_name: ""
certificate_authority_client_state_or_province_name: "" certificate_authority_client_state_or_province_name: ""
certificate_authority_client_state: ""
certificate_authority_client_subject_alternative_names: [] certificate_authority_client_subject_alternative_names: []
certificate_authority_client_not_after: "+397d" certificate_authority_client_not_after: "+397d"
certificate_authority_client_not_before: "+0s" certificate_authority_client_not_before: "+0s"

View File

@ -21,7 +21,6 @@
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
when: | when: |
certificate_authority_client_subject_alternative_names is not defined or certificate_authority_client_subject_alternative_names is not defined or
(certificate_authority_client_subject_alternative_names is defined and (certificate_authority_client_subject_alternative_names is defined and
@ -41,7 +40,6 @@
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}" subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
when: certificate_authority_client_subject_alternative_names is defined and when: certificate_authority_client_subject_alternative_names is defined and
certificate_authority_client_subject_alternative_names | length > 0 certificate_authority_client_subject_alternative_names | length > 0
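
Review bot: The `subject_alt_name` line kept as context ends its filter chain with `| quote`, which is Ansible's shell-quoting filter and has no place in a module parameter. A plain host name passes through unchanged, but an entry containing a shell-special character, for example a wildcard such as `*.example.com`, makes the whole joined string come back wrapped in single quotes, and those quotes become part of the SAN value. Drop `| quote`, and consider passing the list itself rather than a comma-joined string.
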

View File

@ -19,7 +19,6 @@
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
when: | when: |
certificate_authority_client_subject_alternative_names is not defined or certificate_authority_client_subject_alternative_names is not defined or
(certificate_authority_client_subject_alternative_names is defined and (certificate_authority_client_subject_alternative_names is defined and
@ -38,7 +37,6 @@
path: "{{ certificate_authority_client_path }}/cert-req.pem" path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
state: "{{ certificate_authority_client_state }}"
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}" subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
when: certificate_authority_client_subject_alternative_names is defined and when: certificate_authority_client_subject_alternative_names is defined and
certificate_authority_client_subject_alternative_names | length > 0 certificate_authority_client_subject_alternative_names | length > 0
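
Review bot: The `subject_alt_name` expression in this hunk's context prefixes every entry with `DNS:` through `map('regex_replace', '^', 'DNS:')`, so an IP address or e-mail entry in `certificate_authority_client_subject_alternative_names` ends up as a DNS name in the request. Either document in the README that the list accepts DNS names only, or let entries carry their own type prefix and add `DNS:` only where none is present.
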

View File

@ -20,7 +20,6 @@
privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}" privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}"
state: "{{ certificate_authority_intermediate_ca_state }}"
use_common_name_for_san: false use_common_name_for_san: false
- name: Create signed client certificate - unprotected root Certificate Authority (CA) - name: Create signed client certificate - unprotected root Certificate Authority (CA)
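
Review bot: The task that follows this hunk is named "Create signed client certificate - unprotected root Certificate Authority (CA)", yet every variable in the hunk belongs to `certificate_authority_intermediate_ca_*`. If that task signs the intermediate CA request, rename it accordingly; the name is what shows up in play output and is the first thing read when tracing which key signed which certificate.
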

View File

@ -17,7 +17,6 @@
path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem" path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}"
state: "{{ certificate_authority_intermediate_ca_state }}"
use_common_name_for_san: false use_common_name_for_san: false
- name: Create signed client certificate - unprotected root Certificate Authority (CA) - name: Create signed client certificate - unprotected root Certificate Authority (CA)

View File

@ -20,7 +20,6 @@
privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}" privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
state: "{{ certificate_authority_root_ca_state }}"
use_common_name_for_san: false use_common_name_for_san: false
- name: Create self-signed certificate for root CA - name: Create self-signed certificate for root CA

View File

@ -17,7 +17,6 @@
path: "{{ certificate_authority_root_ca_path }}/cert-req.pem" path: "{{ certificate_authority_root_ca_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}" state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
state: "{{ certificate_authority_root_ca_state }}"
use_common_name_for_san: false use_common_name_for_san: false
- name: Create self-signed certificate for root CA - name: Create self-signed certificate for root CA