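---
# Decide whether the certificate already on disk can be kept, and hand off to
# sign_selfsigned.yml when it cannot.

# Inspect the certificate file and evaluate its validity at the planned
# renewal time. The result is registered as `existing_cert`.
# ignore_errors keeps the play going when the file is missing or unreadable.
# NOTE(review): every module failure (not only a missing file) is swallowed
# here and ends in regeneration; confirm that is the intended behaviour.
- name: Read Existing Certificate
  community.crypto.x509_certificate_info:
    path: '{{ cert_path }}/{{ cert_name }}.pem'
    valid_at:
      # presumably a time spec accepted by valid_at; verify where
      # signed_certificate.renew_at is defined
      point_1: '{{ signed_certificate.renew_at }}'
  ignore_errors: true
  become: true
  register: existing_cert

# Accept the certificate only if the read succeeded, it is still valid at the
# renewal point, and its subject and issuer common names match expectations.
# `not existing_cert.failed` is listed first so that a failed read is reported
# through fail_msg instead of an undefined-attribute error on `valid_at`.
# NOTE(review): the subject and issuer checks compare commonName strings only.
# They do not verify the signature or the key, so a certificate with the same
# names from another source would pass these checks.
- name: Check Certificate
  ansible.builtin.assert:
    that:
      - not existing_cert.failed
      - existing_cert.valid_at.point_1
      - existing_cert.subject.commonName == common_name
      - existing_cert.issuer.commonName == signed_certificate.issuer_cn
    success_msg: Certificate is valid
    fail_msg: Certificate is not valid. creating a new one.
  # The failure is a signal for the next task, not a reason to stop the play.
  ignore_errors: true
  register: cert_assert

# Issue a new self-signed certificate whenever the assertion above failed.
- name: Trigger Cert Generation
  ansible.builtin.include_tasks: sign_selfsigned.yml
  when: cert_assert.failed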