@egeneralov
Created September 19, 2019 04:56
Generate a certificate chain (a self-signed CA certificate plus one certificate signed by it) using the Ansible OpenSSL modules.
```yaml
---
- hosts: localhost
  gather_facts: no
  # # darwin
  # vars:
  #   ansible_python_interpreter: /usr/local/bin/python
  tasks:
    # The openssl_* modules need PyOpenSSL: try the distro package first,
    # fall back to pip where apt is not available.
    - block:
        - apt:
            name: python-openssl
            update_cache: yes
            cache_valid_time: 3600
      rescue:
        - pip:
            name: PyOpenSSL

    - name: Generate CA key
      openssl_privatekey:
        path: /tmp/CA.key

    - name: Generate CA signing request
      openssl_csr:
        path: /tmp/CA.csr
        privatekey_path: /tmp/CA.key
        common_name: CA
        # RFC 5280 requires basicConstraints CA:TRUE on a certificate whose
        # key is used to verify certificate signatures.
        basic_constraints:
          - "CA:TRUE"
        basic_constraints_critical: yes
        key_usage:
          - keyCertSign
          - cRLSign
        key_usage_critical: yes

    # The selfsigned provider copies the extensions from the CSR.
    - name: Generate CA certificate
      openssl_certificate:
        path: /tmp/CA.crt
        privatekey_path: /tmp/CA.key
        csr_path: /tmp/CA.csr
        provider: selfsigned

    - name: Generate end-user private key
      openssl_privatekey:
        path: /tmp/child.com.pem

    - name: Generate end-user signing request
      openssl_csr:
        path: /tmp/child.com.csr
        privatekey_path: /tmp/child.com.pem
        common_name: child.com

    - name: Generate an OpenSSL certificate signed with your own CA certificate
      openssl_certificate:
        path: /tmp/child.com.crt
        csr_path: /tmp/child.com.csr
        ownca_path: /tmp/CA.crt
        ownca_privatekey_path: /tmp/CA.key
        provider: ownca

    # - name: shell verify
    #   shell: openssl verify -verbose -CAfile /tmp/CA.crt /tmp/child.com.crt
```
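
A fuller version of the commented-out `openssl verify` step, as an added example that is not part of the gist: it checks that the CA certificate asserts CA:TRUE, that the end-user certificate verifies against it, and that the end-user key matches its certificate. The helper name `check_chain` is hypothetical, and the script assumes the `openssl` CLI is on the PATH.

```shell
#!/bin/sh
# Added example (not from the gist): post-run checks for the generated chain.
# check_chain is a hypothetical helper name; it requires the openssl CLI.
#
# Usage: check_chain CA_CERT LEAF_CERT LEAF_KEY
# Returns 0 on success,
#         1 if the CA certificate does not assert CA:TRUE,
#         2 if the leaf does not verify against the CA,
#         3 if the private key does not belong to the leaf certificate.
check_chain() {
    ca=$1; leaf=$2; key=$3

    # 1. The issuer must assert basicConstraints CA:TRUE.
    if ! openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: $ca does not assert basicConstraints CA:TRUE" >&2
        return 1
    fi

    # 2. The leaf's signature must verify against the CA
    #    (the same check as the commented-out task in the playbook).
    if ! openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "FAIL: $leaf does not verify against $ca" >&2
        return 2
    fi

    # 3. The public key in the certificate must match the private key on disk.
    cert_pub=$(openssl x509 -in "$leaf" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the key for $leaf" >&2
        return 3
    fi

    echo "OK: $leaf chains to $ca and matches $key"
}

# Run directly with the playbook's paths, e.g.:
#   sh check_chain.sh /tmp/CA.crt /tmp/child.com.crt /tmp/child.com.pem
if [ "$#" -eq 3 ]; then
    check_chain "$@"
fi
```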
@egeneralov

Please note: you must have Ansible >= 2.8.
