Abstract
This directory contains the playbook to sign a certificate.
Sign a Cert
Cert Signing Usage
Sign a certificate:
ansible-playbook -t sign site.yml
Signing Playbook
Tasks that sign a certificate (tagged `sign`):
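---
# Tasks tagged "sign": create a leaf private key, build a CSR for it, and have
# the intermediate CA sign it (ownca provider).
- name: sign | Generate Private Key
  community.crypto.openssl_privatekey:
    path: "{{ sign_path_key }}"
    size: 4096
    type: RSA
    # Pin the key file's permissions explicitly instead of relying on the
    # module default, so a future default or umask change cannot widen them.
    # Owner/group mirror what the CSR task in this file sets.
    mode: "0600"
    owner: root
    group: root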
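- name: sign | Generate CSR
  community.crypto.openssl_csr:
    path: "{{ sign_path_csr }}"
    privatekey_path: "{{ sign_path_key }}"
    # Subject fields, all supplied by role variables.
    common_name: "{{ sign_common_name }}"
    country_name: "{{ sign_country_name }}"
    state_or_province_name: "{{ sign_state_or_province_name }}"
    locality_name: "{{ sign_locality_name }}"
    organization_name: "{{ sign_organization_name }}"
    organizational_unit_name: "{{ sign_organizational_unit_name }}"
    subject_alt_name: "{{ sign_cert_san }}"
    subject_alt_name_critical: true
    # Leaf certificate: it must never be accepted as a CA.
    basic_constraints:
      - "CA:FALSE"
    basic_constraints_critical: true
    key_usage:
      - digitalSignature
    # Authority Key Identifier of the intermediate CA. The serial number is
    # read from the same variable the signing task uses for ownca_path, so
    # the CSR cannot drift from the CA that actually signs it. Note that an
    # ansible.builtin.file lookup reads on the controller, not on the target.
    authority_cert_issuer: "{{ sign_int_san }}"
    authority_cert_serial_number: >-
      {{
        (
          lookup('ansible.builtin.file', sign_int_path_crt)
          | community.crypto.x509_certificate_info
        ).serial_number
      }}
    owner: root
    group: root
    mode: "ug+rw"
  register: csr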
- name: sign | Sign Certificate
  community.crypto.x509_certificate:
    # ownca: sign the CSR locally with the intermediate CA's certificate and
    # private key instead of self-signing or using an external CA.
    provider: ownca
    ownca_path: "{{ sign_int_path_crt }}"
    ownca_privatekey_path: "{{ sign_int_path_key }}"
    ownca_create_subject_key_identifier: always_create
    # Leaf CSR and key produced by the preceding tasks.
    csr_path: "{{ sign_path_csr }}"
    privatekey_path: "{{ sign_path_key }}"
    path: "{{ sign_path_crt }}"
  register: certificate
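# Fully-qualified collection name, consistent with the other tasks in this file.
- name: sign | Output certificate
  ansible.builtin.debug:
    var: certificate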
Sign Role Metadata
- galaxy_info
SPDX-License-Identifier: Unlicense
Ansible Galaxy Info
Author, description et cetera.
- dependencies
List your role dependencies here, one per line. Be sure to remove the `[]` above if you add dependencies to this list.
Section author: Xander Harris xandertheharris@gmail.com