promethues: remote certificate signing for exporter/base

author: Christian Pointner <equinox@spreadspace.org> 2021-06-10 01:15:32 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-06-20 01:44:16 +0200
commit: 6082a92fa86d121d3ea4256859ee4c9d412e78c0 (patch)
tree: 56ece20d6814f1cf5e0479b940d1d2366edfdd2b /roles/monitoring/prometheus/ca
parent: prometheus: move CA to seperate role and add prometheus zone groups (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/monitoring/prometheus/ca/tasks/main.yml b/roles/monitoring/prometheus/ca/tasks/main.yml
index 9f166321..cde4a267 100644
--- a/roles/monitoring/prometheus/ca/tasks/main.yml
+++ b/roles/monitoring/prometheus/ca/tasks/main.yml
@@ -34,7 +34,6 @@
     useCommonNameForSAN: no
     key_usage:
     - cRLSign
-    - digitalSignature
     - keyCertSign
     key_usage_critical: yes
     basic_constraints:
@@ -50,3 +49,4 @@
     provider: selfsigned
     selfsigned_digest: sha256
     selfsigned_not_after: "+18250d" ## 50 years
+    selfsigned_create_subject_key_identifier: always_create
author	Christian Pointner <equinox@spreadspace.org>	2021-06-10 01:15:32 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-06-20 01:44:16 +0200
commit	6082a92fa86d121d3ea4256859ee4c9d412e78c0 (patch)
tree	56ece20d6814f1cf5e0479b940d1d2366edfdd2b /roles/monitoring/prometheus/ca
parent	prometheus: move CA to seperate role and add prometheus zone groups (diff)