---
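# Make sure the ssl-cert package is present before any key material is
# generated. The "Adjust rights on private key" task assigns the key to the
# ssl-cert group (presumably created by this package - confirm on the target
# distribution).
- name: Verify that ssl-cert is installed
  apt:
    name: ssl-cert
    # `present` replaces the deprecated `installed` alias, which newer Ansible
    # releases no longer accept for the apt module.
    state: present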
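# Generate a 2048-bit RSA private key and a CSR for the host FQDN.
# -nodes leaves the key unencrypted on disk, so the directory and file
# permissions are its only protection; -batch keeps openssl non-interactive.
# `creates` makes the task idempotent: without it every play run would
# overwrite the existing private key with a new one.
# 2>/dev/null hides openssl's diagnostics; a failure is still reported through
# the command's return code.
# NOTE(review): ansible_fqdn is interpolated into a shell command line, both
# in the paths and inside the -subj string. Confirm the fact can only hold
# hostname characters on the managed hosts, or escape it.
- name: Create private key for default site ({{ ansible_fqdn }})
  shell: >-
    openssl req -newkey rsa:2048 -sha256 -nodes
    -keyout /etc/ssl/private/{{ ansible_fqdn }}.key
    -out /etc/ssl/{{ ansible_fqdn }}.csr
    -batch
    -subj "/C=FR/ST=PACA/L=Marseille/O=Evolix/CN={{ ansible_fqdn }}/emailAddress=security@evolix.net"
    2>/dev/null
  args:
    creates: '/etc/ssl/private/{{ ansible_fqdn }}.key'

# Restrict the private key to root (read/write) and members of the ssl-cert
# group (read only); other users get no access.
# This runs after the key has been written, so until it completes the file
# has whatever mode openssl and the umask gave it.
# NOTE(review): confirm /etc/ssl/private itself is not world-accessible.
- name: Adjust rights on private key
  file:
    path: '/etc/ssl/private/{{ ansible_fqdn }}.key'
    owner: root
    group: ssl-cert
    # Quoted so the mode is always read as the octal string, never as an
    # integer re-typed by the YAML parser.
    mode: '0640'

# Self-sign the CSR with the host's own key (-signkey); the certificate is
# valid for 3650 days and is not chained to any CA, so clients cannot validate
# it unless they trust it explicitly.
# `creates` keeps an existing certificate in place, matching the key task
# above, so the key and certificate stay a consistent pair across runs.
# The CSR at /etc/ssl/{{ ansible_fqdn }}.csr must still exist when this task
# has to run.
- name: Create certificate for default site
  shell: >-
    openssl x509 -req -days 3650 -sha256
    -in /etc/ssl/{{ ansible_fqdn }}.csr
    -signkey /etc/ssl/private/{{ ansible_fqdn }}.key
    -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
    2>/dev/null
  args:
    creates: '/etc/ssl/certs/{{ ansible_fqdn }}.crt'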