@smedegaard
Created March 30, 2020 15:50
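# Extra keytool arguments are only needed when a FIPS provider is in use.
- set_fact:
    extra_args: ""
  when: not fips_enabled|bool

- set_fact:
    extra_args: "-providerpath {{fips_jar_path}} -providerclass {{fips_provider_class}}"
  when: fips_enabled|bool

# The store passwords in the tasks below are passed as command-line arguments,
# so they are visible in the process list while each command runs and can
# appear in Ansible task results unless no_log is set on the task.

# Truststore: holds only the CA certificate, under the alias CARoot.
- name: Create Truststore and Import the CA Cert
  shell: |
    keytool -noprompt \
      -keystore {{truststore_path}} \
      -storetype pkcs12 \
      -alias CARoot \
      -import -file {{ssl_ca_cert_filepath}} \
      -storepass {{truststore_storepass}} \
      -keypass {{truststore_storepass}} {{extra_args}}

# Bundle the private key and its signed certificate into an intermediate
# PKCS#12 file that keytool can import.
- name: Put Key and Signed Cert into pkcs12 Format
  shell: |
    openssl pkcs12 -export \
      -in {{ ssl_signed_cert_filepath }} \
      -inkey {{ ssl_key_filepath }} \
      -out /var/ssl/private/generation/client.p12 \
      -name kafkassl \
      -passout pass:{{ keystore_keypass }}

# Keystore: import the key pair from the intermediate file. The key password
# is set to the store password because PKCS12 keystores use a single password.
- name: Create Keystore
  shell: |
    keytool -importkeystore \
      -srckeystore /var/ssl/private/generation/client.p12 \
      -srcstoretype pkcs12 \
      -srcstorepass {{ keystore_keypass }} \
      -destkeystore {{keystore_path}} \
      -deststoretype pkcs12 \
      -deststorepass {{ keystore_storepass }} \
      -destkeypass {{ keystore_storepass }} {{extra_args}}

# Add the CA certificate to the keystore so the full chain is available.
- name: Import the CA Cert into Keystore
  shell: |
    keytool -noprompt -keystore {{keystore_path}} \
      -storetype pkcs12 \
      -keyalg RSA \
      -alias CARoot \
      -import -file {{ssl_ca_cert_filepath}} \
      -storepass {{ keystore_storepass }} \
      -keypass {{ keystore_storepass }} {{extra_args}}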