Generate a self-signed certificate with your own CA

Note: Getting Chrome to accept self-signed localhost certificate.

Description

:exclamation: Before using this role, you should know that all of my Ansible roles are tailored to my IT infrastructure. I therefore recommend that you analyze it carefully so that it can be safely installed on your servers.

Requirements

• Ansible >= 2.9

Dependencies

• PyOpenSSL >= 0.15 or cryptography >= 1.3

Installation

• git

Use [email protected]:bguerel/self-signed_certificate.git to pull the latest commit of the role from git.

Platforms

RedHat:
  versions:
    - all
Debian:
  versions:
    - all
Suse:
  versions:
    - all

Role Variables

The descriptions and default settings for all variables can be found in the defaults directory in the following file:

• defaults/main.yml default settings

Example

Configuration

# Define a Domain Name for each node.
self_signed_domain:
  example-app-01v:
  - app01.example.local
  example-app-02v:
  - app02.example.local

# Directory of the certificate
self_signed_cert_path: "/etc/ssl/localcerts"

# The certificate issuer.
self_signed_organization_name: "BGUEREL Self-signed CA"

# Certificate Validity in days.
self_signed_expiration_date_in_days: 3650

# Generate diffie-hellman parameters with the default size (4096 bits).
self_signed_create_dhparam: yes

Playbook

Use it in a playbook as follows:

- hosts: whatever
  become: yes
  roles:
    - self-signed_certificate

License