infra_public/roles/stable/openssl_certificates/tasks/authority.yml

---
- name: Install openssl
  apt:
    update_cache: yes
    state: present
    pkg:
      - openssl

- name: Make certificates directory
  file:
    path: "{{ ca_cert_dir }}"
    state: directory

- name: Certification Authority - Check if the private key is already present
  stat:
    path: "{{ ca_cert_dir }}/{{ ca_cert_name }}.key"
  register: ca_cert_key

- name: Certification Authority - Generate the CA private key
  shell: openssl genrsa -des3 -passout pass:"{{ ca_cert_key_pass }}" -out {{ ca_cert_name }}.key 4096
  args:
    chdir: "{{ ca_cert_dir }}"
  when: not ca_cert_key.stat.exists

- name: Certification Authority - Check if the CA root certificate is already presentt
  stat:
    path: "{{ ca_cert_dir }}/{{ ca_cert_name }}.pem"
  register: ca_cert_pem

- name: Certification Authority - Generate the CA root configuration file
  template:
    src: authority.conf.j2
    dest: "{{ ca_cert_dir }}/{{ ca_cert_name }}.conf"
  when: not ca_cert_pem.stat.exists

- name: Certification Authority - Generate the CA root certificate
  shell: openssl req -x509 -new -nodes \
          -key {{ ca_cert_name }}.key \
          -passin pass:"{{ ca_cert_key_pass }}" \
          -sha256 -days {{ ca_cert_days }} -out {{ ca_cert_name }}.pem \
          -config {{ ca_cert_name }}.conf
  args:
    chdir: "{{ ca_cert_dir }}"
  when: not ca_cert_pem.stat.exists