puller23.ownca

Ansible Role: ownca

This role creates certificates signed by an existing self-signed certificate authority and deploys them to the servers. The certificates are generated on the destination hosts, signed on the Ansible host, and then uploaded back to the destination hosts.

Requirements

You need to manually create a certificate authority that will be used to sign the certificates of all hosts:

$ openssl genrsa -aes256 -out ca-key.pem 2048
$ openssl req -x509 -new -nodes -extensions v3_ca -key ca-key.pem -days 1095 -out ca-root.pem -sha512

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

ownca_root_ca_folder: "/home/myuser/myownca"

The local folder where the ownca files are located.

ownca_root_ca_passphrase: ""

The passphrase of the ownca private key, used when creating the certificates.

ownca_dest_ssl_folder: ""

The directory on the remote server where the certificates should be copied to.

ownca_subject_alt_name: "DNS:my.example.com,DNS:localhost,IP:127.0.0.1"

The subject alternative name can be defined. For

Dependencies

The following requirements are needed on the hosts to use the Ansible modules (openssl_privatekey, openssl_csr, openssl_certificate and openssl_pkcs12):

Either cryptography >= 1.2.3 (older versions might work as well)
Or pyOpenSSL

Example Playbook

An example of how to use the role, with variables passed in as parameters:

---
- name: Deploy my own ca
  hosts: all
  become: true
  vars:
    ownca_root_ca_folder: "/home/myuser/myownca"
    ownca_subject_alt_name: "DNS:MyServer.local,DNS:localhost,IP:172.16.1.41,IP:127.0.0.1"
    # The passphrase and the CA key are secrets: keep them in an
    # Ansible Vault encrypted vars file rather than in plain text.
    ownca_root_ca_passphrase: "mypassphrase"
    ownca_dest_ssl_folder: "/etc/ssl/internal_ca/"
    ownca_root_ca_key: |
      -----BEGIN ENCRYPTED PRIVATE KEY-----
      MIIFHD.....MlBA==
      -----END ENCRYPTED PRIVATE KEY-----

    ownca_root_ca_certificate: |
      -----BEGIN CERTIFICATE-----
      MIIDl.......TTm9nDF
      -----END CERTIFICATE-----

  roles:
    - puller23.ownca
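
A malformed ownca_subject_alt_name produces a certificate that clients reject at hostname verification, so it is worth checking the string before running the playbook. The following is an added example, not part of the role: check_san is a hypothetical helper that assumes only the DNS: and IP: entry types shown on this page, and the sample strings are constructed.

```python
import ipaddress
import re

# Hostname label rule (RFC 1123): letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _valid_dns(name):
    labels = name.split(".")
    if labels[0] == "*":  # allow a single leading wildcard label
        labels = labels[1:]
    return bool(labels) and len(name) <= 253 and all(_LABEL.fullmatch(l) for l in labels)


def _valid_ip(value):
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return True
    except ValueError:
        return False


# Assumption: only the two entry types used on this page are accepted.
CHECKS = {"DNS": _valid_dns, "IP": _valid_ip}


def check_san(san):
    """Return a list of problems found in a 'DNS:...,IP:...' SAN string."""
    problems = []
    for entry in san.split(","):
        entry = entry.strip()
        kind, sep, value = entry.partition(":")
        if not sep or kind not in CHECKS:
            problems.append(f"{entry!r}: expected DNS:<name> or IP:<address>")
        elif not CHECKS[kind](value):
            problems.append(f"{entry!r}: invalid {kind} value")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for san in ("DNS:MyServer.local,DNS:localhost,IP:172.16.1.41,IP:127.0.0.1",
                "DNS:my.example.com:DNS:localhost,IP:127.0.0.1",  # ':' used instead of ','
                "DNS:host.example,IP:300.1.1.1,server2"):
        print(san, "->", check_san(san) or "ok")
```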

License

MIT

Author Information

This role was created in 2021 by Gregor Bartels.

About

Create and deploy certs from Selfsigned CA.

Install
ansible-galaxy install puller23.ownca