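---
# Issues a server certificate signed by the local CA, in this order:
# certificates directory -> RSA private key -> OpenSSL request config ->
# CSR -> X509v3 SAN extension file -> signed certificate.
# Every OpenSSL command runs from server_cert_dir (args.chdir), so bare file
# names in the commands are relative to that directory.

- name: Server Certificate - Make certificates directory
  file:
    path: "{{ server_cert_dir }}"
    state: directory

- name: Server Certificate - Check if private key is already present
  stat:
    path: "{{ server_cert_dir }}/{{ server_cert_name }}.key"
  register: server_cert_key

# `command` rather than `shell`: the templated values become argv entries and
# are never interpreted by a shell. The key is only generated once (guarded by
# the stat above) so an existing key is never overwritten.
- name: Server Certificate - Generate the private key
  command: openssl genrsa -out {{ server_cert_name }}.key 4096
  args:
    chdir: "{{ server_cert_dir }}"
  when: not server_cert_key.stat.exists

# Private key readable by its owner only. Set owner/group here if a service
# running under another account has to read the key.
- name: Server Certificate - Restrict private key permissions
  file:
    path: "{{ server_cert_dir }}/{{ server_cert_name }}.key"
    mode: "0600"

- name: Server Certificate - Generate the server configuration file
  template:
    src: server.conf.j2
    dest: "{{ server_cert_dir }}/{{ server_cert_name }}.conf"

# `-days` only takes effect in `openssl req` together with `-x509`; it is kept
# for parity with the original task. The certificate validity is set by the
# signing step below.
- name: Server Certificate - Create the certificate signing request
  command: >-
    openssl req -new
    -key {{ server_cert_name }}.key
    -days {{ server_cert_days }}
    -out {{ server_cert_name }}.csr
    -config {{ server_cert_name }}.conf
  args:
    chdir: "{{ server_cert_dir }}"

- name: Server Certificate - Create the X509 V3 extension config file to define SAN
  template:
    src: server.ext.j2
    dest: "{{ server_cert_dir }}/{{ server_cert_name }}.ext"

# The CA key passphrase is handed to OpenSSL through the environment
# (`-passin env:...`) instead of on the command line, so it is not visible in
# the process list; `no_log` keeps it out of Ansible's output as well.
# `-CAcreateserial` writes the serial file next to the CA certificate.
- name: Server Certificate - Sign the certificate with x509 V3 extensions
  command: >-
    openssl x509 -req
    -in {{ server_cert_name }}.csr
    -CA {{ ca_cert_dir }}/{{ ca_cert_name }}.pem
    -CAkey {{ ca_cert_dir }}/{{ ca_cert_name }}.key
    -CAcreateserial
    -passin env:CA_CERT_KEY_PASS
    -out {{ server_cert_name }}.crt
    -days {{ server_cert_days }}
    -sha256
    -extfile {{ server_cert_name }}.ext
  args:
    chdir: "{{ server_cert_dir }}"
  environment:
    CA_CERT_KEY_PASS: "{{ ca_cert_key_pass }}"
  no_log: true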