volker.raschek/ansible-role-certificate-authority
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
dbbaacdc696af2276fcb666bfdfb046f36863370
ansible-role-certificate-au…/README.md
Markus Pesch a0ea59c528
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 11s
Details
Ansible Linter / ansible-lint (push) Failing after 49s
Details
Initial Commit
2025-07-30 22:09:38 +02:00

10 KiB
Raw Blame History

certificate-authority

This Ansible role can be used to create a root and intermediate certificate authority and issue client certificates from them. Additionally offers the ansible role the feature to import the certificates of the authority into the systems trust store.

Examples

The following minimal example creates a root and intermediate certificate authority and issues a client certificate from the intermediate certificate authority.

certificate_authority_client_skip: false
certificate_authority_client_common_name: "{{ inventory_hostname }}"
certificate_authority_client_subject_alternative_names:
- "{{ inventory_hostname }}"
- san.example.local

Parameters

Root Certificate Authority (CA)

Name Description Value
certificate_authority_root_ca_skip Skip creation or import of a root certificate authority in general. false
certificate_authority_root_ca_create Create root certificate from scratch or import via certificate_authority_root_ca_tls prefixed variables. true
certificate_authority_root_ca_import Import the TLS certificate of the root certificate authority into the systems trust store. true
certificate_authority_root_ca_path Directory where the private and public TLS key of the root certificate authority should be stored. /etc/ansible-playbook/pki/ca
certificate_authority_root_ca_common_name Common Name (CN) of the root certificate authority. Ansible Root CA
certificate_authority_root_ca_subject_alternative_names Subject Alternative Names (SAN) of the root certificate authority. []
certificate_authority_root_ca_not_after Time in the future from now when the TLS certificate should expire +3650d
certificate_authority_root_ca_not_before Time in the past from now when the TLS certificate should be valid. +0s
certificate_authority_root_ca_tls_key_content Content of a custom used root certificate authority. Will only be imported, when certificate_authority_root_ca_create: false. ""
certificate_authority_root_ca_tls_crt_content Content of a custom used certificate of the certificate authority. Will only be imported, when certificate_authority_root_ca_create: false. ""
certificate_authority_root_ca_tls_key_passphrase Passphrase for the private key of the generated or imported root certificate authority. ""
certificate_authority_root_ca_tls_key_type Algorithm of the private key of the root certificate authority. RSA

Intermediate Certificate Authority (CA)

Name Description Value
certificate_authority_intermediate_ca_skip Skip creation or import of a intermediate certificate authority in general. false
certificate_authority_intermediate_ca_create Create intermediate certificate from scratch or import via certificate_authority_intermediate_ca_tls prefixed variables. true
certificate_authority_intermediate_ca_path Directory where the private and public TLS key of the intermediate certificate authority should be stored. /etc/ansible-playbook/pki/intermediate
certificate_authority_intermediate_ca_common_name Common Name (CN) of the intermediate certificate authority. Ansible Intermediate CA
certificate_authority_intermediate_ca_subject_alternative_names Subject Alternative Names (SAN) of the intermediate certificate authority. []
certificate_authority_intermediate_ca_not_after Time in the future from now when the TLS certificate should expire +1825d
certificate_authority_intermediate_ca_not_before Time in the past from now when the TLS certificate should be valid. +0s
certificate_authority_intermediate_ca_tls_key_content Content of a custom used intermediate certificate authority. Will only be imported, when certificate_authority_intermediate_ca_create: false. ""
certificate_authority_intermediate_ca_tls_crt_content Content of a custom used certificate of the certificate authority. Will only be imported, when certificate_authority_intermediate_ca_create: false. ""
certificate_authority_intermediate_ca_tls_key_passphrase Passphrase for the private key of the generated or imported intermediate certificate authority. ""
certificate_authority_intermediate_ca_tls_key_type Algorithm of the private key of the intermediate certificate authority. RSA

Client Certificate

Name Description Value
certificate_authority_client_skip Skip creation or import of a client certificate in general. true
certificate_authority_client_create Create client certificate from scratch or import via certificate_authority_client_tls prefixed variables. true
certificate_authority_client_path Directory where the private and public TLS key of the client certificate authority should be stored. /etc/ansible-playbook/pki/client
certificate_authority_client_common_name Common Name (CN) of the client certificate. Ansible Client Certificate
certificate_authority_client_subject_alternative_names Subject Alternative Names (SAN) of the client certificate. []
certificate_authority_client_not_after Time in the future from now when the TLS certificate should expire +397d
certificate_authority_client_not_before Time in the past from now when the TLS certificate should be valid. +0s
certificate_authority_client_tls_key_passphrase Passphrase for the private key of the generated or imported client certificate. ""
certificate_authority_client_tls_key_type Algorithm of the private key of the client certificate. RSA
certificate_authority_client_tls_crt_content Passphrase for the private key of the generated or imported client certificate. ""
certificate_authority_client_tls_key_content Algorithm of the private key of the client certificate ""