--- - name: Create private key for intermediate CA community.crypto.openssl_privatekey: path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" type: "{{ certificate_authority_intermediate_ca_tls_key_type }}" - name: Create a certificate signing request (CSR) for intermediate CA community.crypto.openssl_csr: basic_constraints: - "CA:TRUE" common_name: "{{ certificate_authority_intermediate_ca_common_name }}" path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem" privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" use_common_name_for_san: false - name: Create signed client certificate - unprotected root Certificate Authority (CA) community.crypto.x509_certificate: csr_path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem" ownca_not_after: "{{ certificate_authority_intermediate_ca_not_after }}" ownca_not_before: "{{ certificate_authority_intermediate_ca_not_before }}" ownca_path: "{{ certificate_authority_root_ca_path }}/cert.pem" ownca_privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem" provider: ownca when: certificate_authority_root_ca_tls_key_passphrase | length <= 0 - name: Create signed client certificate - passphrase protected root Certificate Authority (CA) community.crypto.x509_certificate: csr_path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem" ownca_not_after: "{{ certificate_authority_intermediate_ca_not_after }}" ownca_not_before: "{{ certificate_authority_intermediate_ca_not_before }}" ownca_path: "{{ certificate_authority_root_ca_path }}/cert.pem" ownca_privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}" ownca_privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem" provider: ownca when: certificate_authority_root_ca_tls_key_passphrase | length > 0