Skip to content

Instantly share code, notes, and snippets.

@gititreach

gititreach/create_cert.yml

Forked from JonTheNiceGuy/create_cert.yml
Created May 6, 2020 06:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save gititreach/4841859bc5ba60e6e16b46a7f62d2b4d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save gititreach/4841859bc5ba60e6e16b46a7f62d2b4d to your computer and use it in GitHub Desktop.
Download ZIP
A simple ansible playbook to create a new self-signed certificate
Raw
create_cert.yml
---
- hosts: localhost
vars:
- dnsname: your.dns.name
- tmppath: "./tmp/"
- crtpath: "{{ tmppath }}{{ dnsname }}.crt"
- pempath: "{{ tmppath }}{{ dnsname }}.pem"
- csrpath: "{{ tmppath }}{{ dnsname }}.csr"
- pfxpath: "{{ tmppath }}{{ dnsname }}.pfx"
- private_key_password: "password"
tasks:
- file:
path: "{{ tmppath }}"
state: absent
- file:
path: "{{ tmppath }}"
state: directory
- name: "Generate the private key file to sign the CSR"
openssl_privatekey:
path: "{{ pempath }}"
passphrase: "{{ private_key_password }}"
cipher: aes256
- name: "Generate the CSR file signed with the private key"
openssl_csr:
path: "{{ csrpath }}"
privatekey_path: "{{ pempath }}"
privatekey_passphrase: "{{ private_key_password }}"
common_name: "{{ dnsname }}"
- name: "Sign the CSR file as a CA to turn it into a certificate"
openssl_certificate:
path: "{{ crtpath }}"
privatekey_path: "{{ pempath }}"
privatekey_passphrase: "{{ private_key_password }}"
csr_path: "{{ csrpath }}"
provider: selfsigned
- name: "Convert the signed certificate into a PKCS12 file with the attached private key"
openssl_pkcs12:
action: export
path: "{{ pfxpath }}"
name: "{{ dnsname }}"
privatekey_path: "{{ pempath }}"
privatekey_passphrase: "{{ private_key_password }}"
passphrase: password
certificate_path: "{{ crtpath }}"
state: present
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment