volker.raschek/ansible-role-certificate-authority
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
9267a743e7c8a129ac2c945eff1f81304866b648
ansible-role-certificate-au…/tasks/client_certificate_protected.yaml
Markus Pesch ef2c31e64e
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 11s
Details
Ansible Linter / ansible-lint (push) Failing after 41s
Details
fix: remove state
2025-07-31 19:08:10 +02:00

71 lines
4.1 KiB
YAML
Raw Blame History

---
- name: Create private key for client
community.crypto.openssl_privatekey:
path: "{{ certificate_authority_client_path }}/privkey.pem"
type: "{{ certificate_authority_client_tls_key_type }}"
passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
cipher: auto
- name: Create a certificate signing request (CSR) for client certificate without subject alternative names (SANs)
community.crypto.openssl_csr:
common_name: "{{ certificate_authority_client_common_name }}"
countryName: "{{ certificate_authority_client_country_name }}"
email_address: "{{ certificate_authority_client_email_address }}"
extendedKeyUsage:
- clientAuth
- serverAuth
organization_name: "{{ certificate_authority_client_organization_name }}"
organizational_unit_name: "{{ certificate_authority_client_organizational_unit_name }}"
path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
when: |
certificate_authority_client_subject_alternative_names is not defined or
(certificate_authority_client_subject_alternative_names is defined and
certificate_authority_client_subject_alternative_names | length <= 0)
- name: Create a certificate signing request (CSR) for client certificate with subject alternative names (SANs)
community.crypto.openssl_csr:
common_name: "{{ certificate_authority_client_common_name }}"
countryName: "{{ certificate_authority_client_country_name }}"
email_address: "{{ certificate_authority_client_email_address }}"
extendedKeyUsage:
- clientAuth
- serverAuth
organization_name: "{{ certificate_authority_client_organization_name }}"
organizational_unit_name: "{{ certificate_authority_client_organizational_unit_name }}"
path: "{{ certificate_authority_client_path }}/cert-req.pem"
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
when: certificate_authority_client_subject_alternative_names is defined and
certificate_authority_client_subject_alternative_names | length > 0
- name: Create signed client certificate - unprotected intermediate Certificate Authority (CA)
community.crypto.x509_certificate:
csr_path: "{{ certificate_authority_client_path }}/cert-req.pem"
ownca_not_after: "{{ certificate_authority_client_not_after }}"
ownca_not_before: "{{ certificate_authority_client_not_before }}"
ownca_path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem"
ownca_privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
path: "{{ certificate_authority_client_path }}/cert.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
provider: ownca
when: certificate_authority_intermediate_ca_tls_key_passphrase | length <= 0
- name: Create signed client certificate - passphrase protected intermediate Certificate Authority (CA)
community.crypto.x509_certificate:
csr_path: "{{ certificate_authority_client_path }}/cert-req.pem"
ownca_not_after: "{{ certificate_authority_client_not_after }}"
ownca_not_before: "{{ certificate_authority_client_not_before }}"
ownca_path: "{{ certificate_authority_intermediate_ca_path }}/cert.pem"
ownca_privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
ownca_privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
path: "{{ certificate_authority_client_path }}/cert.pem"
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
provider: ownca
when: certificate_authority_intermediate_ca_tls_key_passphrase | length > 0
Reference in New Issue View Git Blame Copy Permalink