Diffstat (limited to 'roles/signed_certificate')
-rw-r--r--roles/signed_certificate/defaults/main.yml2
-rw-r--r--roles/signed_certificate/tasks/main.yml11
2 files changed, 12 insertions, 1 deletions
diff --git a/roles/signed_certificate/defaults/main.yml b/roles/signed_certificate/defaults/main.yml
index c46ef37..d0ee48e 100644
--- a/roles/signed_certificate/defaults/main.yml
+++ b/roles/signed_certificate/defaults/main.yml
@@ -4,7 +4,7 @@ key_path: '/etc/ssl/private/'
cert_path: '/etc/ssl/certs/'
alt_name: '{{ "DNS:" + ansible_facts.fqdn }}'
owner: root
-group: root
+group: ssl-cert
signed_certificate:
issuer_cn: ''
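Review bot: The new default `group: ssl-cert` assumes that group already exists on every target host, and nothing visible in this commit creates it or checks for it. The tasks in tasks/main.yml pass `group: '{{ group }}'` straight to the module, so the role would presumably fail on a host without that group. Together with the `mode: '640'` added in the tasks file, every member of `ssl-cert` can now read the private key, including keys on hosts where the role has already run. I would document both points above the default, for example `# Members of this group can read the private key (mode 0640); the group must already exist on the target`. The defaults file continues outside the hunk, so a note may already exist elsewhere.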
diff --git a/roles/signed_certificate/tasks/main.yml b/roles/signed_certificate/tasks/main.yml
index 3e1a7b2..d5491ac 100644
--- a/roles/signed_certificate/tasks/main.yml
+++ b/roles/signed_certificate/tasks/main.yml
@@ -21,9 +21,20 @@
path: '{{ key_path }}/{{ cert_name }}.key'
owner: '{{ owner }}'
group: '{{ group }}'
+ mode: '640'
become: yes
when: key_check.failed
+- name: Check file permissions for Key
+ file:
+ path: '{{ key_path }}/{{ cert_name }}.key'
+ state: file
+ owner: '{{ owner }}'
+ group: '{{ group }}'
+ mode: '640'
+ become: yes
+ when: not key_check.failed
+
- name: Read existing Certificate
community.crypto.x509_certificate_info:
path: '{{ cert_path }}/{{ cert_name }}.pem'
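Review bot: The added `Check file permissions for Key` task repeats the path, owner, group and the literal `mode: '640'` of the task above it, gated on the opposite `when`. The private key's permissions are therefore defined in two places that can drift apart. Keep the mode on the creating task, so the key is never written with broader permissions, but take the value from one default such as `key_mode: '0640'` and reference it in both tasks as `mode: '{{ key_mode }}'`. Dropping `when: not key_check.failed` would also let the single file task enforce ownership on both paths. As a style point, `become: yes` reads more predictably as `become: true`. The first task starts above the hunk, so its module and remaining arguments are not visible here.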