Abstract
This role provides a functional intermediate certificate authority.
Intermediate CA Readme
Note
IANA is used for default values, though this code is not affiliated with that authority or any of its subsidiaries.
Requirements
You will need OpenSSL on an ArchLinux system in order for this role to work. If you want to use something other than Arch, you’ll need to update the community.general.pacman tasks to use the package manager of your choice.
Role Variables
This role requires the following variables to be set.
| variable | description | default |
|---|---|---|
| | a list of directories required by the root ca | /etc/ssl/root/private, /etc/ssl/root/certs, /etc/ssl/root/csr, /etc/ssl/root |
| | an email for use in the SAN and email fields | |
| | name of the municipality to be used for the ca | |
| | the organization the ca represents | |
| | organization department used by the ca | |
| | path to the ca private key | |
| | path to the ca crt | |
| | path to the certificate signing request | |
| | a list of subject alternative names for the ca | |
| | a state or region in which the ca was made | |
Dependencies
You will need the following collections.
They can be installed using the bash command below.

```bash
ansible-galaxy collection install {community.general,community.crypto}
```

Example Playbook
The playbook below shows how to use the role, with variables passed in as parameters:
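
```yaml
# Run the ca role against the local machine with root privileges.
- name: Create root CA
  hosts: localhost
  become: true
  roles:
    - role: ca
      tags:
        - ca
        - private_key
      vars:
        # Subject fields and subject alternative names for the CA certificate.
        ca_email: user@domain.com
        ca_locality: Los Angeles
        ca_org: IANA
        ca_org_unit: Engineering
        ca_san:
          - DNS:iana.domain.com
          - email:user@domain.com
        ca_state: California
```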
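
After the play has run, the certificate it produced can be checked against the values that were passed in. The script below is an added example and not part of the role: the certificate and key paths are placeholders (the role's path variables are not shown on this page), the owner-only key mode is an assumed policy, and `make_sample_ca` only builds a constructed throwaway certificate so the checks can be tried offline.

```shell
# Added example (not part of the role). Usage, with placeholder paths:
#   check_ca_cert /path/to/ca.crt DNS:iana.domain.com email:user@domain.com
#   check_key_mode /path/to/ca.key

# Build a constructed, throwaway self-signed CA in directory $1 (sample input only).
make_sample_ca() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
ST = California
L = Los Angeles
O = IANA
OU = Engineering
CN = constructed-sample-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectAltName = DNS:iana.domain.com,email:user@domain.com
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# $1 = certificate path, remaining arguments = SAN entries that must be present.
# Returns 0 if the certificate is marked as a CA and carries every expected SAN.
check_ca_cert() {
  cert=$1; shift
  text=$(openssl x509 -in "$cert" -noout -text) || return 2
  printf '%s\n' "$text" | grep -q 'CA:TRUE' \
    || { echo "basicConstraints does not mark this certificate as a CA" >&2; return 1; }
  for san in "$@"; do
    printf '%s\n' "$text" | grep -qF -- "$san" \
      || { echo "missing SAN entry: $san" >&2; return 1; }
  done
}

# $1 = private key path. Assumed policy: no group or other permission bits set.
# Uses GNU stat, as shipped on Arch Linux.
check_key_mode() {
  mode=$(stat -c %a "$1") || return 2
  case $mode in
    *00) return 0 ;;
    *) echo "private key mode $mode is readable beyond its owner" >&2; return 1 ;;
  esac
}
```
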
License
This software is Unlicensed