base: Generate default (self-signed) certificate
Create /etc/ssl/certs on OpenBSD to follow Linux/Debian.
Don't change the owner/group of generated files (for now).
parent
f7b29deda3
commit
9fe7825499
|
@ -3,20 +3,21 @@
|
||||||
- name: Default certificate is present
|
- name: Default certificate is present
|
||||||
when: evobsd_default_ssl_cert | bool
|
when: evobsd_default_ssl_cert | bool
|
||||||
block:
|
block:
|
||||||
|
- name: Ensure /etc/ssl/certs exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/ssl/certs/
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
mode: "0755"
|
||||||
|
state: directory
|
||||||
|
ignore_errors: '{{ ansible_check_mode }}'
|
||||||
|
|
||||||
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
|
cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
|
||||||
args:
|
args:
|
||||||
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
|
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
|
||||||
|
|
||||||
- name: Adjust rights on private key
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/ssl/private/{{ ansible_fqdn }}.key
|
|
||||||
owner: root
|
|
||||||
group: ssl-cert
|
|
||||||
mode: "0640"
|
|
||||||
ignore_errors: '{{ ansible_check_mode }}'
|
|
||||||
|
|
||||||
- name: Create certificate for default site
|
- name: Create certificate for default site
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||||
|
|
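Review bot: With the "Adjust rights on private key" task removed, nothing in this block sets the mode of `/etc/ssl/private/{{ ansible_fqdn }}.key` any more, so its permissions are whatever `openssl req -keyout` and the process umask produce. Whether the unencrypted (`-nodes`) key ends up readable by other accounts then depends on the openssl build and on the mode of /etc/ssl/private on the target, neither of which is visible here. The commit message only asks to stop changing owner/group, so consider keeping that task with its `owner:` and `group:` lines dropped and the mode tightened to `mode: "0600"`, which enforces the key mode explicitly on both OpenBSD and Debian. The side assignment of the blank rows in this rendered view is not certain, so the exact task boundaries should be confirmed against the raw diff.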