ansible-role-certificate-au…/tasks/intermediate_certificate_authority_protected.yaml
Markus Pesch 61b0a7c9ec
fix: set cipher correctly
2025-07-31 09:53:01 +02:00


---
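- name: Create private key for intermediate CA
  # Generate (or keep) the intermediate CA's private key, encrypted with
  # certificate_authority_intermediate_ca_tls_key_passphrase. Per the
  # collection docs the cryptography backend accepts only "auto" for cipher
  # and picks the encryption algorithm itself.
  community.crypto.openssl_privatekey:
    path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
    type: "{{ certificate_authority_intermediate_ca_tls_key_type }}"
    passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
    cipher: auto
    # Pin the key file to owner-only access so it is never group- or
    # world-readable, independent of the target's umask or the module's own
    # default for new files (assumed restrictive - confirm for the collection
    # version in use).
    mode: "0600"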
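- name: Create a certificate signing request (CSR) for intermediate CA
  # CSR for the intermediate CA, signed with the passphrase-protected key
  # created above. The ownca provider used below takes the extensions from
  # this CSR, so they must describe a CA: RFC 5280 requires basicConstraints
  # to be critical in CA certificates and keyUsage to include keyCertSign
  # (cRLSign is added so the intermediate may also issue CRLs).
  community.crypto.openssl_csr:
    path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
    privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
    privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
    common_name: "{{ certificate_authority_intermediate_ca_common_name }}"
    basic_constraints:
      - "CA:TRUE"
    basic_constraints_critical: true
    key_usage:
      - keyCertSign
      - cRLSign
    key_usage_critical: true
    # The CN names a CA, not a host; do not copy it into the SAN.
    use_common_name_for_san: false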
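- name: Create signed client certificate - unprotected root Certificate Authority (CA)
  # Sign the intermediate CSR with a root CA whose private key has no
  # passphrase. Runs when certificate_authority_root_ca_tls_key_passphrase is
  # unset or empty; the passphrase-protected task covers the non-empty case,
  # so exactly one of the two tasks signs the certificate. Without the
  # "is not defined" clause an undefined passphrase matches neither task and
  # the certificate is silently never issued.
  community.crypto.x509_certificate:
    provider: ownca
    path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem"
    csr_path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
    privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
    ownca_path: "{{ certificate_authority_root_ca_path }}/cert.pem"
    ownca_privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
    ownca_not_before: "{{ certificate_authority_intermediate_ca_not_before }}"
    ownca_not_after: "{{ certificate_authority_intermediate_ca_not_after }}"
  when: >-
    certificate_authority_root_ca_tls_key_passphrase is not defined
    or certificate_authority_root_ca_tls_key_passphrase | length <= 0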
- name: Create signed client certificate - passphrase protected root Certificate Authority (CA)
  # Sign the intermediate CSR with a root CA whose private key is encrypted:
  # both the root key passphrase and the intermediate key passphrase are
  # passed to the module. Only runs when the root passphrase variable is
  # defined and non-empty (each list entry below must hold).
  community.crypto.x509_certificate:
    provider: ownca
    path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem"
    csr_path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
    privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
    ownca_path: "{{ certificate_authority_root_ca_path }}/cert.pem"
    ownca_privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
    ownca_privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
    ownca_not_before: "{{ certificate_authority_intermediate_ca_not_before }}"
    ownca_not_after: "{{ certificate_authority_intermediate_ca_not_after }}"
  when:
    - certificate_authority_root_ca_tls_key_passphrase is defined
    - certificate_authority_root_ca_tls_key_passphrase | length > 0