aboutsummaryrefslogtreecommitdiff
path: root/roles/signed_certificate/tasks/sign.yml
blob: b99df3293cb2a1d3f0f458f0fe6e4b393f7be8bf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
---
- name: Create CSR
  community.crypto.openssl_csr_pipe:
    privatekey_path: '{{ key_path }}/{{ cert_name }}.key'
    common_name: '{{ ansible_facts.fqdn }}'
    subject_alt_name: '{{ alt_name }}'
  register: request
  become: yes

- name: Sign OpenSSL Certificate
  community.crypto.x509_certificate_pipe:
    provider: ownca
    ownca_privatekey_path: '{{ signed_certificate.privkey_path }}'
    ownca_privatekey_passphrase: '{{ signed_certificate.privkey_passphrase }}'
    ownca_content: '{{ signed_certificate.cert_content }}'
    ownca_not_after: '{{ signed_certificate.valid_for }}'
    csr_content: '{{ request.csr }}'
  delegate_to: localhost
  register: cert

- name: Install Signed OpenSSL Certificate
  copy:
    dest: '{{ cert_path }}/{{ cert_name }}.pem'
    content: '{{ cert.certificate }}'
    owner: '{{ owner }}'
    group: '{{ group }}'
  become: yes

- name: Set cert_changed flag
  set_fact:
    cert_changed: True