You've already forked ansible-role-certificate-authority
34 lines
1.7 KiB
YAML
34 lines
1.7 KiB
YAML
---
|
|
|
|
- name: Create private key for root CA
|
|
community.crypto.openssl_privatekey:
|
|
passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
|
|
path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
|
|
type: "{{ certificate_authority_root_ca_tls_key_type }}"
|
|
cipher: auto
|
|
|
|
- name: Create a certificate signing request (CSR) for root CA
|
|
community.crypto.openssl_csr:
|
|
basic_constraints:
|
|
- "CA:TRUE"
|
|
common_name: "{{ certificate_authority_root_ca_common_name }}"
|
|
countryName: "{{ certificate_authority_root_ca_country_name }}"
|
|
email_address: "{{ certificate_authority_root_ca_email_address }}"
|
|
organization_name: "{{ certificate_authority_root_ca_organization_name }}"
|
|
organizational_unit_name: "{{ certificate_authority_root_ca_organizational_unit_name }}"
|
|
path: "{{ certificate_authority_root_ca_path }}/cert-req.pem"
|
|
privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
|
|
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
|
|
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
|
|
use_common_name_for_san: false
|
|
|
|
- name: Create self-signed certificate for root CA
|
|
community.crypto.x509_certificate:
|
|
csr_path: "{{ certificate_authority_root_ca_path }}/cert-req.pem"
|
|
path: "{{ certificate_authority_root_ca_path }}/cert.pem"
|
|
privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
|
|
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
|
|
provider: selfsigned
|
|
selfsigned_not_after: "{{ certificate_authority_root_ca_not_after }}"
|
|
selfsigned_not_before: "{{ certificate_authority_root_ca_not_before }}"
|