pacifica.ansible_certinfra

Pacifica Certificate Infrastructure

This Ansible role helps you manage your own OpenSSL Certificate Authority. It also takes care of intermediate, server, and client certificates. This role provides client certificates to secure communication between applications and services using either Apache or NGINX.

Requirements

  • Ansible version 2.9 or higher
  • Python Cryptography version 3.0 or higher

Role Variables

There are many variables in the default file that I won't explain in detail here. However, here are the basics:

  • SSL Organizational Information - You should change these!

    • country_name (default: US)
    • state_or_province_name (default: Washington) (because that’s where I live)
    • locality_name (default: Richland) (same as above)
    • organization_name (default: Pacifica Software)
    • organizational_unit_name (default: Pacifica Certificate)
    • email_address (default: rootca@pacifica.io) (this one doesn’t actually work)
    • root_ca_common_name (default: Pacifica Software ROOT CA)
    • intermediate_common_name (default: Pacifica Software Intermediate ROOT CA)
  • Servers List - servers is a list of objects with the following keys:

    • name: Fully Qualified Domain Name (FQDN) of the server (required)
    • subject_alt_name: Provided directly here (required)
    • key_path: Private key for the server (computed by default)
    • csr_path: Certificate signing request path (computed by default)
    • basic_constraints: Passed to here (default is default_server_basic_constraints)
    • key_usage: Passed to here (default is default_server_key_usage)
  • Clients List - clients is a list of objects with the following keys:

    • name: Username for the client (required)
    • key_path: Private key for the client (computed by default)
    • csr_path: Certificate signing request path (computed by default)
    • basic_constraints: Passed to here (default is default_client_basic_constraints)
    • key_usage: Passed to here (default is default_client_key_usage)
    • extended_key_usage: Passed to here (default is default_client_extended_key_usage)

Dependencies

  • Community Crypto Collection version 1.1.1 or higher

Example Playbook

Here’s an example of how to use this role (for instance, with variables passed as parameters):

- hosts: servers
  roles:
     - { role: pacifica.ansible_certinfra }
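
A fuller playbook that sets the variables listed under Role Variables, added here as an example and not taken from the role's own documentation. It assumes subject_alt_name, basic_constraints, key_usage and extended_key_usage accept the value formats of the community.crypto openssl_csr module, which this page does not confirm; every hostname, user name and organization value is a constructed placeholder.

```yaml
# Added example, not part of the role's README.
# All names and values below are constructed placeholders.
- hosts: servers
  roles:
    - role: pacifica.ansible_certinfra
      vars:
        # Replace the shipped organizational defaults so issued
        # certificates carry your own subject information.
        country_name: US
        state_or_province_name: Example State
        locality_name: Example City
        organization_name: Example Org
        organizational_unit_name: Example Org PKI
        email_address: pki@example.com
        root_ca_common_name: Example Org Root CA
        intermediate_common_name: Example Org Intermediate CA

        servers:
          # name and subject_alt_name are the two required keys.
          - name: web01.example.com
            # Assumption: openssl_csr-style SAN entries.
            subject_alt_name:
              - "DNS:web01.example.com"
              - "DNS:www.example.com"
          # key_path, csr_path, basic_constraints and key_usage are
          # omitted, so the role's computed paths and
          # default_server_* values apply.

        clients:
          # name is the only required key for a client.
          - name: alice
          - name: backup-agent
            # Assumption: openssl_csr-style values. Pinning these keeps
            # the client certificate usable for client authentication
            # only and never as a CA.
            basic_constraints:
              - "CA:FALSE"
            key_usage:
              - digitalSignature
            extended_key_usage:
              - clientAuth
```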

License

LGPL-3.0

About the project

Manage your own certificate authority, clients and server certificates.

Install
ansible-galaxy install pacifica.ansible_certinfra
License
Unknown
Downloads
488
Owner
Data asset management for public data repositories.