Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A simple ansible playbook to create a new self-signed certificate
---
- hosts: localhost
vars:
- dnsname: your.dns.name
- tmppath: "./tmp/"
- crtpath: "{{ tmppath }}{{ dnsname }}.crt"
- pempath: "{{ tmppath }}{{ dnsname }}.pem"
- csrpath: "{{ tmppath }}{{ dnsname }}.csr"
- pfxpath: "{{ tmppath }}{{ dnsname }}.pfx"
- private_key_password: "password"
tasks:
- file:
path: "{{ tmppath }}"
state: absent
- file:
path: "{{ tmppath }}"
state: directory
- name: "Generate the private key file to sign the CSR"
openssl_privatekey:
path: "{{ pempath }}"
passphrase: "{{ private_key_password }}"
cipher: aes256
- name: "Generate the CSR file signed with the private key"
openssl_csr:
path: "{{ csrpath }}"
privatekey_path: "{{ pempath }}"
privatekey_passphrase: "{{ private_key_password }}"
common_name: "{{ dnsname }}"
- name: "Sign the CSR file as a CA to turn it into a certificate"
openssl_certificate:
path: "{{ crtpath }}"
privatekey_path: "{{ pempath }}"
privatekey_passphrase: "{{ private_key_password }}"
csr_path: "{{ csrpath }}"
provider: selfsigned
- name: "Convert the signed certificate into a PKCS12 file with the attached private key"
openssl_pkcs12:
action: export
path: "{{ pfxpath }}"
name: "{{ dnsname }}"
privatekey_path: "{{ pempath }}"
privatekey_passphrase: "{{ private_key_password }}"
passphrase: password
certificate_path: "{{ crtpath }}"
state: present
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.