
Add role to create your own certificate authority

Daniele Tricoli 2020-10-05 01:32:57 +02:00
parent 45517cd2f1
commit 8750a53f8d
3 changed files with 43 additions and 0 deletions


@ -0,0 +1,7 @@
---
generate_ca_base_path: /etc/ssl/ca
generate_ca_name: ca
generate_ca_root_key_path: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.key"
generate_ca_passphrase: "this is a secret!"
generate_ca_root_csr: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.csr"
generate_ca_root_certificate: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.crt"
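Review bot: `generate_ca_passphrase` ships with a working literal default, so any play that forgets to override it ends up with a root CA key encrypted under a passphrase that is readable in the repository. A role default for a secret is better left undefined, so that templating fails loudly when the caller has not supplied one. I would drop the line and leave a comment in its place, for example `# generate_ca_passphrase: required, no default; supply it from Ansible Vault`. The file path is not visible on this page, so this assumes the section is the role's defaults file.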


@ -0,0 +1,35 @@
---
- name: install python3-openssl
apt:
name: python3-openssl
update_cache: true
cache_valid_time: 3600
- name: ensure {{ generate_ca_base_path }} esists
file:
path: "{{ generate_ca_base_path }}"
state: directory
owner: root
mode: 0700
- name: generate the root private key
openssl_privatekey:
path: "{{ generate_ca_root_key_path }}"
passphrase: "{{ generate_ca_passphrase }}"
cipher: des3
size: 4096
type: RSA
- name: generate the root Certificate Signing Request
openssl_csr:
path: "{{ generate_ca_root_csr }}"
privatekey_path: "{{ generate_ca_root_key_path }}"
privatekey_passphrase: "{{ generate_ca_passphrase }}"
- name: generate and self sign the root certificate
openssl_certificate:
path: "{{ generate_ca_root_certificate }}"
privatekey_path: "{{ generate_ca_root_key_path }}"
privatekey_passphrase: "{{ generate_ca_passphrase }}"
csr_path: "{{ generate_ca_root_csr }}"
provider: selfsigned
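Review bot: The `openssl_csr` task sets no subject and no CA extensions, so the self-signed certificate built from it carries neither `basicConstraints CA:TRUE` nor a `keyCertSign` key usage, and verifiers that enforce those extensions will likely reject chains issued under this root. Adding `common_name`, a critical `basic_constraints` and a critical `key_usage` to that task, as sketched below, makes the result usable as a CA. Separately, `cipher: des3` encrypts the private key with 3DES; if the module's cryptography backend is available on the target, `cipher: auto` lets it choose a current algorithm instead.

```yaml
- name: generate the root Certificate Signing Request
  openssl_csr:
    # … unchanged: path, privatekey_path, privatekey_passphrase …
    common_name: "{{ generate_ca_name }}"
    basic_constraints:
      - "CA:TRUE"
    basic_constraints_critical: true
    key_usage:
      - keyCertSign
      - cRLSign
    key_usage_critical: true
```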


@ -29,3 +29,4 @@
beehive_canonical_url: http://10.10.10.10:8181}
# - {role: ../roles/homeassistant, become: true}
# - {role: ../roles/mosquitto, become: true}
# - {role: ../roles/generate_ca, become: true}