Add role to create your own certificate authority
parent
45517cd2f1
commit
8750a53f8d
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
generate_ca_base_path: /etc/ssl/ca
|
||||
generate_ca_name: ca
|
||||
generate_ca_root_key_path: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.key"
|
||||
generate_ca_passphrase: "this is a secret!"
|
||||
generate_ca_root_csr: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.csr"
|
||||
generate_ca_root_certificate: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.crt"
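Review bot: `generate_ca_passphrase` has a literal default (`"this is a secret!"`), so any host that applies the role without overriding it gets a root CA key protected by a passphrase that is readable in the repository. Remove the default and require the value from Ansible Vault or another secret store, leaving only a comment in its place such as `# generate_ca_passphrase: required, supply from Ansible Vault (no default)`. The tasks in this commit pass the variable to three modules, so an undefined value would fail the play early rather than silently fall back to the shared string.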
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
- name: install python3-openssl
|
||||
apt:
|
||||
name: python3-openssl
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: ensure {{ generate_ca_base_path }} esists
|
||||
file:
|
||||
path: "{{ generate_ca_base_path }}"
|
||||
state: directory
|
||||
owner: root
|
||||
mode: 0700
|
||||
|
||||
- name: generate the root private key
|
||||
openssl_privatekey:
|
||||
path: "{{ generate_ca_root_key_path }}"
|
||||
passphrase: "{{ generate_ca_passphrase }}"
|
||||
cipher: des3
|
||||
size: 4096
|
||||
type: RSA
|
||||
|
||||
- name: generate the root Certificate Signing Request
|
||||
openssl_csr:
|
||||
path: "{{ generate_ca_root_csr }}"
|
||||
privatekey_path: "{{ generate_ca_root_key_path }}"
|
||||
privatekey_passphrase: "{{ generate_ca_passphrase }}"
|
||||
|
||||
- name: generate and self sign the root certificate
|
||||
openssl_certificate:
|
||||
path: "{{ generate_ca_root_certificate }}"
|
||||
privatekey_path: "{{ generate_ca_root_key_path }}"
|
||||
privatekey_passphrase: "{{ generate_ca_passphrase }}"
|
||||
csr_path: "{{ generate_ca_root_csr }}"
|
||||
provider: selfsigned
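Review bot: The `openssl_csr` task sets only the path and key parameters, so as far as these tasks show, the self-signed certificate built from that CSR carries no subject, no `CA:TRUE` basic constraint and no `keyCertSign` usage. Verifiers that enforce those extensions will not accept it as an issuer, so the CA extensions and a common name should be added to the CSR task as in the block below. Separately, `cipher: des3` protects the root key with legacy 3DES; a current cipher (`cipher: auto` with the cryptography backend) is a better choice. `mode: 0700` is also safer quoted as `mode: "0700"`, as Ansible recommends for file modes.

```yaml
- name: generate the root Certificate Signing Request
  openssl_csr:
    # … unchanged: path, privatekey_path, privatekey_passphrase …
    common_name: "{{ generate_ca_name }}"
    basic_constraints:
      - "CA:TRUE"
    basic_constraints_critical: true
    key_usage:
      - keyCertSign
      - cRLSign
    key_usage_critical: true
```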
|
|
@ -29,3 +29,4 @@
|
|||
beehive_canonical_url: http://10.10.10.10:8181}
|
||||
# - {role: ../roles/homeassistant, become: true}
|
||||
# - {role: ../roles/mosquitto, become: true}
|
||||
# - {role: ../roles/generate_ca, become: true}
|
||||
|
|