From a024ad57e94976f7541bdd352e2d0a364c2aa5fb Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Wed, 1 Sep 2021 04:11:37 +0200
Subject: initial
---
roles/signed_certificate/tasks/sign.yml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 roles/signed_certificate/tasks/sign.yml
(limited to 'roles/signed_certificate/tasks/sign.yml')
diff --git a/roles/signed_certificate/tasks/sign.yml b/roles/signed_certificate/tasks/sign.yml
new file mode 100644
index 0000000..b99df32
--- /dev/null
+++ b/roles/signed_certificate/tasks/sign.yml
@@ -0,0 +1,31 @@
+---
+- name: Create CSR
+ community.crypto.openssl_csr_pipe:
+ privatekey_path: '{{ key_path }}/{{ cert_name }}.key'
+ common_name: '{{ ansible_facts.fqdn }}'
+ subject_alt_name: '{{ alt_name }}'
+ register: request
+ become: yes
+
+- name: Sign OpenSSL Certificate
+ community.crypto.x509_certificate_pipe:
+ provider: ownca
+ ownca_privatekey_path: '{{ signed_certificate.privkey_path }}'
+ ownca_privatekey_passphrase: '{{ signed_certificate.privkey_passphrase }}'
+ ownca_content: '{{ signed_certificate.cert_content }}'
+ ownca_not_after: '{{ signed_certificate.valid_for }}'
+ csr_content: '{{ request.csr }}'
+ delegate_to: localhost
+ register: cert
+
+- name: Install Signed OpenSSL Certificate
+ copy:
+ dest: '{{ cert_path }}/{{ cert_name }}.pem'
+ content: '{{ cert.certificate }}'
+ owner: '{{ owner }}'
+ group: '{{ group }}'
+ become: yes
+
+- name: Set cert_changed flag
+ set_fact:
+ cert_changed: True
--
cgit v1.2.3
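Review bot: The `Sign OpenSSL Certificate` task passes no existing certificate to `x509_certificate_pipe`, so as written it issues a fresh certificate from the CA key every time this file runs, and the final task then sets `cert_changed: True` unconditionally. Unless the tasks file that includes this one (not visible here) gates it on expiry or a missing file, every play re-signs, and whatever consumes `cert_changed` presumably reacts each time. Passing the installed PEM through the module's `content` option and deriving the flag from the result, `cert_changed: '{{ cert.changed }}'`, would tie issuance to an actual change and keep the number of certificates issued by the CA small and auditable. The `copy` task also sets no `mode:`, so the installed file's permissions depend on the remote umask; `mode: '0644'` would pin them.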