@danpawlik
Created August 10, 2023 07:57
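---
# Builds a local test CA and one leaf certificate signed by that CA, all under
# ssl_path. The CA private key is written without a passphrase, so treat the
# output as test material only and delete it when finished.
- name: Generate self signed certs
  hosts: localhost
  vars:
    # The default is a fixed path under world-writable /tmp. Override it with
    # a directory only the invoking user controls if the keys need to outlive
    # a short test run.
    ssl_path: /tmp/ssl
    org_name: SoftwareFactory
    organizational_unit_name: Test
    common_name: sftests.com
    common_name_alt: gerrit.sftests.com
    country_name: 'PL'
    state_or_province_name: Dolnoslaskie
    locality_name: Wroclaw
  tasks:
    - name: Install required packages
      become: true
      ansible.builtin.package:
        name:
          - openssl
          - python3-cryptography
        state: present

    # Restrict the directory to its owner so other local users cannot list or
    # read the key material written below.
    - name: Create required directories
      ansible.builtin.file:
        path: "{{ ssl_path }}"
        state: directory
        mode: "0700"

    # --- CA ---
    - name: Gen CA privkey
      community.crypto.openssl_privatekey:
        path: "{{ ssl_path }}/localCA.key"
        # Explicit owner-only permissions on the CA signing key.
        mode: "0600"

    # The CSR carries the extensions that end up in the self-signed CA cert.
    # Without basicConstraints CA:TRUE (and keyCertSign), strict verifiers do
    # not accept localCA.pem as an issuer for the leaf certificate.
    - name: Generate CA csr
      community.crypto.openssl_csr:
        path: "{{ ssl_path }}/localCA.csr"
        privatekey_path: "{{ ssl_path }}/localCA.key"
        country_name: "{{ country_name }}"
        organization_name: "{{ org_name }}"
        common_name: "{{ common_name }}"
        basic_constraints:
          - "CA:TRUE"
        basic_constraints_critical: true
        key_usage:
          - keyCertSign
          - cRLSign
        key_usage_critical: true

    - name: Generate selfsigned CA certificate
      community.crypto.x509_certificate:
        path: "{{ ssl_path }}/localCA.pem"
        csr_path: "{{ ssl_path }}/localCA.csr"
        privatekey_path: "{{ ssl_path }}/localCA.key"
        provider: selfsigned
        selfsigned_digest: sha256

    # --- Client ---
    - name: Gen privkey - client
      community.crypto.openssl_privatekey:
        path: "{{ ssl_path }}/ssl.key"
        mode: "0600"

    # NOTE(review): the only SAN entry is common_name_alt. Verifiers that
    # match hostnames against SAN alone will not accept this certificate for
    # common_name itself; add "DNS:{{ common_name }}" if that name is needed.
    - name: Generate Openssl CSR - client
      community.crypto.openssl_csr:
        path: "{{ ssl_path }}/ssl.csr"
        privatekey_path: "{{ ssl_path }}/ssl.key"
        common_name: "{{ common_name }}"
        country_name: "{{ country_name }}"
        state_or_province_name: "{{ state_or_province_name }}"
        locality_name: "{{ locality_name }}"
        organization_name: "{{ org_name }}"
        organizational_unit_name: "{{ organizational_unit_name }}"
        subject_alt_name:
          - "DNS:{{ common_name_alt }}"
        subject_alt_name_critical: true

    # Signed by the local CA above (provider ownca), not self-signed.
    - name: Generate a self signed cert - client
      community.crypto.x509_certificate:
        path: "{{ ssl_path }}/ssl.crt"
        csr_path: "{{ ssl_path }}/ssl.csr"
        ownca_path: "{{ ssl_path }}/localCA.pem"
        ownca_privatekey_path: "{{ ssl_path }}/localCA.key"
        provider: ownca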