Skip to content

Instantly share code, notes, and snippets.

@breda
Created January 13, 2022 13:12
Show Gist options
  • Save breda/93a87588b180e4c1259f17c95e478283 to your computer and use it in GitHub Desktop.
Save breda/93a87588b180e4c1259f17c95e478283 to your computer and use it in GitHub Desktop.
Ansible: Create a self signed certificate (for nginx usage or other).
- name: "SSL Self-Sign: Generate RSA Key"
openssl_privatekey: path="/etc/nginx/ssl/{{ ssl_certificate_key }}" size=4096
become: yes
become_user: root
notify: reload-nginx
tags: ssl
- name: "SSL Self-Sign: Generate Certificate Signing Request"
openssl_csr:
path: "/etc/nginx/ssl/ssl.csr"
privatekey_path: "/etc/nginx/ssl/{{ ssl_certificate_key }}"
country_name: DZ
state_or_province_name: "Algeirs"
organization_name: "Local Business"
common_name: "{{ app_domain }}"
become: yes
become_user: root
tags: ssl
- name: "SSL Self-Sign: Generate SSL Certificate"
# shell: openssl x509 -req -sha256 -days 365 -in "/etc/nginx/sites-available/ssl.csr" -signkey "/etc/nginx/ssl/{{ ssl_certificate_key }}" -out "/etc/nginx/ssl/{{ ssl_certificate }}"
openssl_certificate:
path: "/etc/nginx/ssl/{{ ssl_certificate }}"
privatekey_path: "/etc/nginx/ssl/{{ ssl_certificate_key }}"
csr_path: "/etc/nginx/ssl/ssl.csr"
provider: selfsigned
become: yes
become_user: root
notify: reload-nginx
tags: ssl
- name: "SSL Self-Sign: Remove SSL Certificate Signing Request"
file: path=/etc/nginx/ssl/ssl.csr state=absent
become: yes
become_user: root
tags: ssl
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment