aboutsummaryrefslogtreecommitdiff
path: root/roles/signed_certificate/tasks/sign.yml
diff options
context:
space:
mode:
authorGravatar Jonas Gunz <himself@jonasgunz.de> 2021-09-01 04:11:37 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2021-09-01 04:11:37 +0200
commita024ad57e94976f7541bdd352e2d0a364c2aa5fb (patch)
treeb04a92bdb939f6ecba135c0feb5d82fd148838e8 /roles/signed_certificate/tasks/sign.yml
downloadansible_collection-a024ad57e94976f7541bdd352e2d0a364c2aa5fb.tar.gz
initial
Diffstat (limited to 'roles/signed_certificate/tasks/sign.yml')
-rw-r--r--roles/signed_certificate/tasks/sign.yml31
1 files changed, 31 insertions, 0 deletions
diff --git a/roles/signed_certificate/tasks/sign.yml b/roles/signed_certificate/tasks/sign.yml
new file mode 100644
index 0000000..b99df32
--- /dev/null
+++ b/roles/signed_certificate/tasks/sign.yml
@@ -0,0 +1,31 @@
+---
+- name: Create CSR
+ community.crypto.openssl_csr_pipe:
+ privatekey_path: '{{ key_path }}/{{ cert_name }}.key'
+ common_name: '{{ ansible_facts.fqdn }}'
+ subject_alt_name: '{{ alt_name }}'
+ register: request
+ become: yes
+
+- name: Sign OpenSSL Certificate
+ community.crypto.x509_certificate_pipe:
+ provider: ownca
+ ownca_privatekey_path: '{{ signed_certificate.privkey_path }}'
+ ownca_privatekey_passphrase: '{{ signed_certificate.privkey_passphrase }}'
+ ownca_content: '{{ signed_certificate.cert_content }}'
+ ownca_not_after: '{{ signed_certificate.valid_for }}'
+ csr_content: '{{ request.csr }}'
+ delegate_to: localhost
+ register: cert
+
+- name: Install Signed OpenSSL Certificate
+ copy:
+ dest: '{{ cert_path }}/{{ cert_name }}.pem'
+ content: '{{ cert.certificate }}'
+ owner: '{{ owner }}'
+ group: '{{ group }}'
+ become: yes
+
+- name: Set cert_changed flag
+ set_fact:
+ cert_changed: True