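---
# Server certificate tasks: create the certificate directory, generate the
# private key once, render the request/extension config files, build a CSR
# and sign it with the CA referenced by ca_cert_dir / ca_cert_name.
#
# Variables expected from the caller (not defined in this file):
#   server_cert_dir, server_cert_name, server_cert_days,
#   ca_cert_dir, ca_cert_name, ca_cert_key_pass
#
# openssl is invoked through `command` with `argv` so that every templated
# value is passed as a single argument without shell word-splitting, and so
# that no line-continuation backslashes end up inside the folded command
# string. The CA passphrase is handed to openssl through the environment
# (`-passin env:`) instead of the command line, where it would be visible in
# process listings and in the `cmd` that Ansible records for the task.

- name: Server Certificate - Make certificates directory
  file:
    path: "{{ server_cert_dir }}"
    state: directory

- name: Server Certificate - Check if private key is already present
  stat:
    path: "{{ server_cert_dir }}/{{ server_cert_name }}.key"
  register: server_cert_key

- name: Server Certificate - Generate the private key
  command:
    argv:
      - "openssl"
      - "genrsa"
      - "-out"
      - "{{ server_cert_name }}.key"
      - "4096"
    chdir: "{{ server_cert_dir }}"
    # Second idempotence guard next to the `when` below: never overwrite an
    # existing key, which would silently invalidate the certificate in use.
    creates: "{{ server_cert_dir }}/{{ server_cert_name }}.key"
  when: not server_cert_key.stat.exists

- name: Server Certificate - Restrict private key permissions
  # The key must never be group- or world-readable; enforce it regardless of
  # the umask openssl ran under.
  file:
    path: "{{ server_cert_dir }}/{{ server_cert_name }}.key"
    mode: "0600"

- name: Server Certificate - Generate the server configuration file
  template:
    src: server.conf.j2
    dest: "{{ server_cert_dir }}/{{ server_cert_name }}.conf"

- name: Server Certificate - Create the certificate signing request
  # `-days` is only honoured by `openssl req` together with `-x509`; the
  # validity period is applied at signing time below, so it is not passed here.
  command:
    argv:
      - "openssl"
      - "req"
      - "-new"
      - "-key"
      - "{{ server_cert_name }}.key"
      - "-out"
      - "{{ server_cert_name }}.csr"
      - "-config"
      - "{{ server_cert_name }}.conf"
    chdir: "{{ server_cert_dir }}"

- name: Server Certificate - Create the X509 V3 extension config file to define SAN
  template:
    src: server.ext.j2
    dest: "{{ server_cert_dir }}/{{ server_cert_name }}.ext"

- name: Server Certificate - Sign the certificate with x509 V3 extensions
  # Runs on every play: each run issues a fresh certificate and, because of
  # -CAcreateserial, advances the CA serial file.
  command:
    argv:
      - "openssl"
      - "x509"
      - "-req"
      - "-in"
      - "{{ server_cert_name }}.csr"
      - "-CA"
      - "{{ ca_cert_dir }}/{{ ca_cert_name }}.pem"
      - "-CAkey"
      - "{{ ca_cert_dir }}/{{ ca_cert_name }}.key"
      - "-CAcreateserial"
      - "-passin"
      - "env:CA_CERT_KEY_PASS"
      - "-out"
      - "{{ server_cert_name }}.crt"
      - "-days"
      - "{{ server_cert_days }}"
      - "-sha256"
      - "-extfile"
      - "{{ server_cert_name }}.ext"
    chdir: "{{ server_cert_dir }}"
  # The passphrase is read by openssl from this variable (see -passin above);
  # ca_cert_key_pass itself should come from an encrypted source such as vault.
  environment:
    CA_CERT_KEY_PASS: "{{ ca_cert_key_pass }}"
  # Keep the passphrase out of play output and logs. Note that this also hides
  # openssl's stderr on failure; drop it temporarily when debugging signing.
  no_log: true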