cchurch.win_pfx
Win-PFX
从SSL密钥和证书创建一个PFX文件,以便在Windows Server上安装。
要求
本地(控制器)主机必须安装openssl命令行工具,以便从现有的PEM格式密钥和证书创建PFX文件。
角色变量
使用以下变量来指定是安装还是移除证书:
pfx_state:指定为"present"(安装)或"absent"(移除);默认值为"present"。
如果您已经有了PFX格式的证书文件,可以使用以下变量指定该文件的路径:
pfx_file:PFX文件的本地路径;默认值为"",表示必须使用下面其他变量指定SSL密钥和证书。
如果您只有PEM格式的SSL密钥和证书,可以使用以下变量提供源数据:
- **
pfx_key*:与证书关联的私钥的内容*(不是路径)。默认值为"",除非指定pfx_file,否则这是必需的。 - **
pfx_crt*:证书的内容*(不是路径)。默认值为"",除非指定pfx_file,否则这是必需的。 pfx_ca:应打包到PFX文件中的额外CA证书的内容;默认值为""。pfx_output_file:保存此角色生成的PFX文件副本的本地路径;默认值为"",表示不保存副本。
此角色将在安装或移除证书后设置以下变量:
pfx_import_result:包含changed、log和thumbprint键的字典。thumbprint的值可以被后续角色或任务用来引用已安装的证书。
示例剧本
以下示例剧本从给定的密钥和证书生成PFX文件并安装到Windows主机:
- hosts: windows
vars:
pfx_key: |
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvV7EkKx8d0qNb
vCX+DS4mDqAeGDE+ErVPkSlFWzefSM64gIDgWvP/1vIuXArvooZcpTKg0KEiNsLc
IxHkDKa3i9di9DyaH4cH2clP518USd0tZGF8MYHvtzTq3HrTpbUgtl+WC1K7yuWA
++OLSTzmbHT9gn3NsU6Pw9bUIandVNeEv1X4zmile4eEZLmZlt0fJ3rnI7tagbhT
yNISs4pWMw8MqZLXVRpp4F3d8ZbWAnElmYKxQidovaJCuzEMuQd8Tkj05mgmiFxd
4cxAdZTFT0hkFOF7z47dCHQc1J5CEhQZkyi0GxyR4YEJd6AmLv9klfroYVUiFr8w
INBMg+wPAgMBAAECggEAR4Pywhe8Z0OEUWQZ8taZXfhVIjEn1HN48+z28kzUEOl3
NxViex9dqZmXyYTNCRQ2zQ6r6Z9uOTAwpey/3U2zqeUlgjyvgwUc4/zV+PsbcoD1
7w+kGy1uG8GTmb83cZ+CkscPkXko02Nb3BHgquzCJBFUXhmdCgopSsXLl1XrnFPS
4kkU5se6HujivJYvzCgyPEjKgM71G7cmUDcBEJimX5bXmKao3GvJgHBV6JU1oF+B
l75Oy+fWdPkBdlXpZBj8uUTTHNZG+lTwyAhMTqfnzIuY/JoQG5yhMcVqAVi9QYFZ
tlIspzh0sOOtO6uEpyIIlat0lBiRyv15EV7jawPxEQKBgQDm/Hi+Q31hmm1srQw1
R9DWP5jdfqTJZGaZJcJWGPIavjip63pDhC06WzNiNhYl7CUkiOTNFNcbUGG6k3nF
X6WKQ74wrjl0cZN8EvscTJ+oAz0SSV4iXD+Cd3QbuoEUzLekB3ce8OkLY1rUuKZj
dyhS65rCoS7O2Y3GHb8s9iLSkwKBgQDCVKKx/VTZi42U3EdeslnDBf2H9X9UPJeR
f/53JwojG4Ae1mJNyDjO/Q4cugsTig/ZLNNLQ1zek4cTOqYeVICHI/nhq3jzAu9x
24bHBkeGnzc46wwhbWZIrBTV+RCuk9doxqk3eI8Z9fWTl+5KlWjwZbYldBqLTliM
vrcFcp6CFQKBgEGJ0yyQ86tU6MVUGEmp1cxkgRgfjdwCm8XKW+iX7WG/JU65HJi5
kSekpuCv3frmlOdX3CuARURfu0r3+y4QZGTlsboYRP8QFru2mv89knNWb+aXYJk5
OV/oSs5vTZ68M0LcR2VFD6qGh0giGDvSnGNirCebGi/gtIRI/mxgbiL3AoGAf5lD
GsvUouNXG59n3W4OMlgEmPlBmfYPL6JzW5luto6gGZ96/MezRXYzhflCvJmyvk8I
jiq1GBCWaLHh0Zh6rEGbGeqViDstLf2PCa+9109D20O6u1gyCRW0uKrJoVfB4TJQ
efPXQpyVm0vvU1m3heHDL+SEaWQQEJpJYnJYUeECgYEAz0eKRHXephTyo/pAxpdr
o6j9MlPHxv4LKiMJ35F1xwcZ6UecvJmxaEuMg6kLM8I+6veKhHMnzXFxtcbKuHdC
37EKluqSKHRiEoxnyN9oCd5BTUiQGj21vc+2gslgA76n8HfxH4HuvRuyq4H8Ys/C
sGoq8f2hBA1fAT0yS0C5CGE=
-----END PRIVATE KEY-----
pfx_crt: |
-----BEGIN CERTIFICATE-----
MIIdsTCCApmgAwIBAgIJAIu+OCOKGexLMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
BAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBwwGRHVyaGFt
MSAwHgYDVQQKDBdOaW5lIE1vcmUgTWludXRlcywgSW5jLjEUMBIGA1UEAwwLZXhh
bXBsZS5jb20wHhcNMTcwNzA2MjM1NTA4WhcNMTgwNzA2MjM1NTA4WjBvMQswCQYD
VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhh
bTEgMB4GA1UECgwXTmluZSBNb3JlIE1pbnV0ZXMsIEluYy4xFDASBgNVBAMMC2V4
YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1exJCsf
HdKjW7wl/g0uJg6gHhgxPhK1T5EpRVs3n0jOuICA4Frz/9byLlwK76KGXKUyoNCh
IjbC3CMR5Aymt4vXYvQ8mh+HB9nJT+dfFEndLWRhfDGB77c06tx606W1ILZflgtS
u8rlgPvji0k85mx0/YJ9zbFOj8PW1CGp3VTXhL9V+M5opXuHhGS5mZbdHyd65yO7
WoG4U8jSErOKVjMPDKmS11UaaeBd3fGW1gJxJZmCsUInaL2iQrsxDLkHfE5I9OZo
JohcXeHMQHWUxU9IZBThe8+O3Qh0HNSeQhIUGZMotBsckeGBCXegJi7/ZJX66GFV
Iha/MCDQTIPsDwIDAQABo1AwTjAdBgNVHQ4EFgQUoaYjRHC8A7sFVYCwVBVbL4G1
OoIwHwYDVR0jBBgwFoAUoaYjRHC8A7sFVYCwVBVbL4G1OoIwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAo/DNOdY1uwWpAcbxtVDKq7uoLV2w/h8sdsaQ
fO/yiYRJe4qjP6LuaD1g+GUpVYclzcDjtN/iSKSGIs9qisN6S2UhrduaszwNNVMH
s5ZtLPtPwS79NOQXoTZ+FzvYGMCdSxd8yUunxmOd+tjBVYMYq+TqHVxO+BSHUOdY
H7cIRc8Ti7/sOZYqxO2Lr+X6DGJmpx/t4ML/KJAuOSpItL5I1aVZQ/dy+K+UayC/
0NfCeCkka+EbNuOkPVO9IZG2vUVjXcoOy2ByY+ILUPDYVAMX/o60PcOeehv9I9vA
FzlqXiU/LHGIKLwmrpwDBNwW8Ot8pibe4TJr9ODMXQb8GJhnzA==
-----END CERTIFICATE-----
roles:
- role: cchurch.win-pfx
许可证
GPLv3
作者信息
Chris Church chris@ninemoreminutes.com