cchurch.win_pfx

Win-PFX

This is a tool to create a PFX file from an SSL key and certificate, which can be installed on Windows Server.

Requirements

Ensure that the local server has the openssl command line tools installed if you're creating a PFX file from an existing PEM-formatted key and certificate.

Role Variables

You can use the following variables to manage your certificates:

pfx_state: Set this to "present" to install the certificate or "absent" to remove it. The default is "present".

If you already have a PFX file, specify its path with:

pfx_file: Path to your PFX file; the default is "", which means you'll need to provide the SSL key and certificate using the other variables.

If you only have the SSL key and certificate in PEM format, use these variables:

pfx_key: The content of the private key linked to the certificate. Default is "", required unless pfx_file is specified.
pfx_crt: The content of the certificate itself. Default is "", required unless pfx_file is specified.
pfx_ca: Content of any additional CA certificates to include in the PFX file; default is "".
pfx_output_file: Path to save a copy of the generated PFX file; default is "", which means it won't save a copy.

After installing or removing the certificate, the role will set the following variable:

pfx_import_result: A dictionary that includes changed, log, and thumbprint. The thumbprint can be used in later tasks to reference the installed certificate.

Example Playbook

Here’s an example of how to create a PFX file from a given key and certificate and install it on a Windows host:

- hosts: windows
  vars:
    pfx_key: |
      -----BEGIN PRIVATE KEY-----
      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvV7EkKx8d0qNb
      ...
      -----END PRIVATE KEY-----
    pfx_crt: |
      -----BEGIN CERTIFICATE-----
      MIIDsTCCApmgAwIBAgIJAIu+OCOKGexLMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
      ...
      -----END CERTIFICATE-----
  roles:
    - role: cchurch.win-pfx