---
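# Fail early on inputs that the later tasks would turn into unusable file
# paths or an undersized key.
- name: Sanity checks
  ansible.builtin.assert:
    that:
      - selfsignedcert_basename | default("") != ""
      # Key, CSR and certificate paths are all "<basename>.<suffix>". An empty
      # or undefined suffix leaves a path ending in a bare dot, and two empty
      # suffixes would point at the same file.
      - selfsignedcert_suffix_key | default("") != ""
      - selfsignedcert_suffix_csr | default("") != ""
      - selfsignedcert_suffix_crt | default("") != ""
      # Uses the same default as the key-generation task and rejects key sizes
      # below 2048 bits.
      - selfsignedcert_keysize | default(2048) | int >= 2048
    fail_msg: >-
      selfsignedcert_basename and the key/csr/crt suffixes must be non-empty,
      and selfsignedcert_keysize must be at least 2048.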
# Write the private key to "<basename>.<key suffix>". Mode 0600 keeps it
# readable by the owning account only; no owner/group is set, so ownership
# follows whichever user the task runs as.
- name: Generate private key
  register: selfsignedcert_result_key
  community.crypto.openssl_privatekey:
    mode: '0600'
    # Falls back to 2048 bits when selfsignedcert_keysize is not set.
    size: '{{ selfsignedcert_keysize | default(2048) }}'
    path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_key }}'
# Build a certificate signing request from the private key generated above.
# NOTE(review): selfsigned_cn and selfsigned_san do not carry the
# selfsignedcert_ prefix used by every other variable here -- confirm that the
# callers really set these names.
- name: Generate CSR
  community.crypto.openssl_csr:
    privatekey_path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_key }}'
    path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_csr }}'
    # The common name defaults to the gathered short hostname.
    common_name: '{{ selfsigned_cn | default(ansible_hostname) }}'
    # Defaults to an empty list, i.e. no subjectAltName entries. Clients that
    # match host names against the SAN only will not accept a certificate
    # issued from such a CSR for any name.
    subject_alt_name: '{{ selfsigned_san | default([]) }}'
# Issue the certificate from the CSR, signed with the same private key
# (provider: selfsigned). No validity window is given, so the module default
# applies; set selfsigned_not_after if a shorter lifetime is wanted.
- name: Generate certificate
  register: selfsignedcert_result_crt
  community.crypto.x509_certificate:
    provider: selfsigned
    csr_path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_csr }}'
    privatekey_path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_key }}'
    path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_crt }}'
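# Render combined.j2 into "<basename>.<combined suffix>". Going by the task
# name the result holds the private key together with the certificate (the
# template itself is not shown here -- confirm), hence mode 0600.
# NOTE(review): backup: true keeps timestamped copies of earlier versions next
# to dest. Those copies contain key material too, so cover them in cleanup and
# key-rotation procedures.
- name: Combine key and certificate
  ansible.builtin.template:
    src: combined.j2
    dest: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_combined }}'
    mode: '0600'
    backup: true
  # Run only when a combined suffix is configured. A negated test here would
  # fire only for an empty suffix and write to "<basename>."; default('', true)
  # also treats an undefined or false value as "no combined file wanted".
  when: selfsignedcert_suffix_combined | default('', true) != ''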