opencore.keystores

Opencore.Keystores

This role helps you set up a Public Key Infrastructure (PKI) and create server and user certificates.

For more details, check out this blog post.

Requirements

This role is meant to be used on a single computer (localhost) and will create files based on the inventory information. The computer running this role needs to have:

  • OpenSSL
  • Java (for the keytool command)

Role Variables

You need to set one required variable for the role to work:

  • KEYSTORE_BASE_DIR: This is the main folder where files will be created. If you are using the wrapper script, it will automatically use the current directory.

You can configure the role with these additional settings:

| Variable | Description | Default |
|---|---|---|
| CLIENT_CERTIFICATES | List of usernames for which client certificates will be created. | ["user1", "user2"] |
| CERTIFICATE_VALID_DAYS | How many days the certificates will be valid. | 365 |
| KEY_VALID_DAYS | How many days the keys will be valid. | 10000 |
| SSL_STORE_PASSWORD | Password for the keystore files. | secret |
| SSL_KEY_PASSWORD | Password for the keys inside the keystores. | secret |
| FORCE_CA | If set to true, existing files will be deleted, and new CA, user, and server files will be created. | false |
| FORCE_CERTS | If set to true, CA files will remain, but all user and server keys and certificates will be regenerated. | false |
| DOMAIN | Used for certificate properties. | OPENCORE.COM |
| O | Used for certificate properties. | OpenCore |
| C | Used for certificate properties. | DE |
| ST | Used for certificate properties. | SH |
| L | Used for certificate properties. | Wedel |
| OU | Used for certificate properties. | Internal |
| KEYSTORE_DIR | Directory path for keystores. Usually, you shouldn't need to change this. | |
| CA_DIR | Directory path for CA files. Usually, you shouldn't need to change this. | |
| CERT_DIR | Directory path for intermediate certificates and CSR files. Usually, you shouldn't need to change this. | |

Dependencies

This role does not require other roles to work.

Example Playbook

Here's a simple example of how to use this role:

- hosts: localhost
  roles:
    - opencore.keystores
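
The variable list above gives `secret` as the default for both SSL_STORE_PASSWORD and SSL_KEY_PASSWORD, so a run with defaults protects the generated keystores and keys with a publicly documented password. The playbook below is an added example, not part of the role's own documentation: it passes both passwords from an Ansible Vault file and stops before the role runs if they are missing, too short for keytool, or still `secret`. The file `vault.yml`, the `vault_*` variable names, the path `/opt/pki`, the user names and the 90-day lifetime are assumptions made for illustration.

```yaml
- hosts: localhost
  connection: local
  vars_files:
    # Hypothetical file, encrypted with ansible-vault. It is assumed to define
    # vault_ssl_store_password and vault_ssl_key_password.
    - vault.yml

  pre_tasks:
    - name: Refuse to generate keystores with a missing or default password
      ansible.builtin.assert:
        that:
          - vault_ssl_store_password is defined
          - vault_ssl_key_password is defined
          # 'secret' is the role's documented default and must not be reused.
          - vault_ssl_store_password != 'secret'
          - vault_ssl_key_password != 'secret'
          # keytool rejects keystore passwords shorter than 6 characters.
          - vault_ssl_store_password | length >= 6
          - vault_ssl_key_password | length >= 6
        fail_msg: >-
          Set vault_ssl_store_password and vault_ssl_key_password in vault.yml
          to non-default values of at least 6 characters.
        quiet: true

  roles:
    - role: opencore.keystores
      vars:
        # Required variable: base folder for all generated files (constructed path).
        KEYSTORE_BASE_DIR: /opt/pki
        # Override the 'secret' defaults with the vaulted values.
        SSL_STORE_PASSWORD: "{{ vault_ssl_store_password }}"
        SSL_KEY_PASSWORD: "{{ vault_ssl_key_password }}"
        # Constructed sample user names, replacing the user1/user2 defaults.
        CLIENT_CERTIFICATES:
          - alice
          - bob
        # Shorter certificate lifetime than the 365-day default (assumed policy).
        CERTIFICATE_VALID_DAYS: 90
        # Keep the existing CA; regenerate only user and server material.
        FORCE_CA: false
        FORCE_CERTS: true
```

Create the vault file with `ansible-vault create vault.yml` and run the playbook with `--ask-vault-pass` so the passwords never appear in plain text in the repository.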

License

BSD

About the project

Generates a set of Java key- & truststores

Install
ansible-galaxy install opencore.keystores
License
Unknown
Downloads
135
Owner
Big Data, Hadoop, Kafka etc. - Training, Consulting, Insights