Abstract

This directory contains the playbook to create the initial root CA.

Root CA

Root CA Usage

Create the root CA

ansible-playbook -t ca site.yml

Root CA readme

• Root CA Readme
  • Root CA Requirements
  • Root CA Role Variables
  • Dependencies
  • Root CA Example Playbook
  • License
  • Author Information

Root CA Playbook

root ca

---
- name: ca | Add directories
  ansible.builtin.file:
    state: directory
    group: root
    owner: root
    dest: >-
      {{ item }}
    mode: "ug+rwx,o+rx,o-w"
  loop: >-
    {{ ca_dirs }}

- name: ca | Create private key
  community.crypto.openssl_privatekey:
    path: >-
      {{ ca_path_key }}

- name: ca | Create certificate signing request (CSR) for CA certificate
  community.crypto.openssl_csr:
    basic_constraints:
      - "CA:TRUE"
    basic_constraints_critical: true
    common_name: >-
      {{ ca_common_name }}
    email_address: >-
      {{ ca_email }}
    group: root
    key_usage:
      - keyCertSign
      - cRLSign
    key_usage_critical: true
    locality_name: >-
      {{ ca_locality }}
    mode: >-
      ug+rw,o-rwx
    organization_name: >-
      {{ ca_org }}
    organizational_unit_name: >-
      {{ ca_org_unit }}
    owner: root
    path: >-
      {{ ca_path_csr }}
    privatekey_path: >-
      {{ ca_path_key }}
    subject_alt_name: >-
      {{ ca_san }}
    state_or_province_name: >-
      {{ ca_state }}
    use_common_name_for_san: false
  register: ca_csr

- name: ca | Create self-signed CA certificate from CSR
  community.crypto.x509_certificate:
    backup: true
    path: >-
      {{ ca_path_crt }}
    csr_path: >-
      {{ ca_path_csr }}
    privatekey_path: >-
      {{ ca_path_key }}
    provider: selfsigned
    selfsigned_create_subject_key_identifier: always_create

Code author: xander harris xandertheharris@gmail.com

Section author: xander harris xandertheharris@gmail.com