snieking.keystore_truststore

Ansible Role: Keystore Truststore

This is an Ansible Role that helps you create a keystore and truststore using self-signed certificates.

Requirements

  • You need Java installed and JAVA_HOME set on your host.
  • OpenSSL must be installed on your host.
  • Pip must be installed on your host. Check the example Playbook for more details.

Role Variables

  • ca_path: /tmp/testCA

    • Default: yes
    • Directory for the Certificate Authority.
  • trusted_ca_path:

    • Default: no
    • Path for trusted Certificate Authorities to import into the truststore.
  • expiration_days: 365

    • Default: yes
    • How long the certificates are valid (in days).
  • common_name:

    • Default: no
  • country:

    • Default: no
  • state:

    • Default: no
  • locality:

    • Default: no
  • organization:

    • Default: no
  • organizational_unit:

    • Default: no
  • keystore_name: keystore

    • Default: yes
  • truststore_name: truststore

    • Default: yes
  • clean_up:

    • Default: yes
    • Determines if old certificates should be removed before setup.

Example Playbook

The following Playbook creates and signs certificates based on the provided settings. You can customize the CN (Common Name), C (Country), ST (State), L (Locality), O (Organization), and OU (Organizational Unit). Use alt_names to list the DNS names and IP addresses the certificates should cover.

- hosts: localhost
  connection: local
  vars_prompt:
    - name: "keystore_password"
      prompt: "Please provide a password for the keystore"
  pre_tasks:
    - name: Ensure pip is installed
      easy_install: { name: pip, state: latest }
      become: yes
  roles:
    - role: snieking.keystore_truststore
      trusted_ca_path: /my/trusted/ca-path/
      clean_up: no
      common_name: thecuriousdev.org
      country: SE
      state: Stockholm Country
      locality: Stockholm
      organization: thecuriousdev
      organizational_unit: blog
      alt_names:
        - "DNS.1  = testservice"
        - "DNS.2  = localhost"
        - "IP.1   = 127.0.0.1"
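
The alt_names entries use the key syntax of an OpenSSL config section, and the example's common_name does not appear among them. The following Python check is an added example, not part of the role; it assumes the role writes alt_names into the certificate's subjectAltName extension, and parse_alt_names and cn_covered are hypothetical helper names.

```python
import ipaddress
import re

# Entry shape used in the playbook's alt_names list, e.g. "DNS.1  = testservice".
ENTRY = re.compile(r"^\s*(DNS|IP)\.(\d+)\s*=\s*(\S+)\s*$")
# One DNS label (letters, digits, hyphen; no leading or trailing hyphen).
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_alt_names(entries):
    """Return [(kind, value)]; raise ValueError on a malformed entry."""
    seen, parsed = set(), []
    for raw in entries:
        m = ENTRY.match(raw)
        if not m:
            raise ValueError(f"expected 'DNS.n = name' or 'IP.n = addr': {raw!r}")
        kind, index, value = m.groups()
        if (kind, index) in seen:
            # OpenSSL keeps only the last value of a key repeated in one section.
            raise ValueError(f"duplicate key {kind}.{index}")
        seen.add((kind, index))
        if kind == "IP":
            value = str(ipaddress.ip_address(value))  # ValueError if not an IP
        else:
            value = value.lower()
            labels = value.split(".")
            rest = labels[1:] if labels[0] == "*" else labels  # allow "*.name"
            if not rest or not all(LABEL.match(label) for label in rest):
                raise ValueError(f"invalid DNS name: {value!r}")
        parsed.append((kind, value))
    return parsed


def cn_covered(common_name, parsed):
    """True if common_name matches a DNS entry (exact or one-label wildcard)."""
    cn = common_name.lower()
    parent = "*." + cn.split(".", 1)[1] if "." in cn else None
    return any(k == "DNS" and v in (cn, parent) for k, v in parsed)


# Values copied from the example playbook above.
PLAYBOOK_ALT_NAMES = ["DNS.1  = testservice", "DNS.2  = localhost", "IP.1   = 127.0.0.1"]
PLAYBOOK_CN = "thecuriousdev.org"

if __name__ == "__main__":
    sans = parse_alt_names(PLAYBOOK_ALT_NAMES)
    print(sans, "CN covered by SAN:", cn_covered(PLAYBOOK_CN, sans))
```

For the playbook values above, cn_covered returns False: a TLS client that verifies hostnames against subjectAltName would accept testservice, localhost and 127.0.0.1 but not thecuriousdev.org. Adding the common name as another DNS entry in alt_names closes that gap.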

License

BSD, MIT

Author Information

Viktor Plane https://thecuriousdev.org

Install

ansible-galaxy install snieking.keystore_truststore