authorChristian Pointner <equinox@spreadspace.org>2023-09-12 00:41:07 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-09-12 00:41:07 +0200
commit33890cacb183b69bf0032fd3dbd41b9c20cab4b1 (patch)
treef5d042cb37c9a72f4ba003d2a8efbaa31aa7b4a3 /roles/x509/selfsigned
parentmonitoring/grafana: add automatic handling for admin password and additonal u... (diff)
x509/certificates: generic config handling
Diffstat (limited to 'roles/x509/selfsigned')
-rw-r--r--roles/x509/selfsigned/cert/prepare/defaults/main.yml4
-rw-r--r--roles/x509/selfsigned/cert/prepare/tasks/main.yml4
2 files changed, 6 insertions, 2 deletions
diff --git a/roles/x509/selfsigned/cert/prepare/defaults/main.yml b/roles/x509/selfsigned/cert/prepare/defaults/main.yml
index 53dc3b06..e45343e5 100644
--- a/roles/x509/selfsigned/cert/prepare/defaults/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/defaults/main.yml
@@ -4,6 +4,7 @@ selfsigned_cert_name: "{{ x509_certificate_name | default(selfsigned_cert_hostna
selfsigned_cert_base_dir: "/etc/ssl"
+selfsigned_cert_config: "{{ x509_certificate_config }}"
# selfsigned_cert_config:
# path: "{{ selfsigned_cert_base_dir }}/{{ selfsigned_cert_name }}"
# mode: "0750"
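Review bot: The new default `selfsigned_cert_config: "{{ x509_certificate_config }}"` has no fallback and no comment, while `selfsigned_cert_name` in the hunk header falls back through `default(...)` when its `x509_certificate_name` counterpart is missing. If no caller defines `x509_certificate_config`, every reference to `selfsigned_cert_config` will presumably fail with an undefined-variable error naming a variable this role never documents. I would add a comment above the line such as `# taken from the generic x509_certificate_config; set selfsigned_cert_config directly when using this role on its own`. If the tasks can run with an empty config, `"{{ x509_certificate_config | default({}) }}"` would be an alternative. The commented example that follows still shows `selfsigned_cert_config:` as the key to set, so it is worth stating which of the two names users are expected to define.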
@@ -19,6 +20,9 @@ selfsigned_cert_base_dir: "/etc/ssl"
# mode: "0644"
# owner: root
# group: www-data
+# common_name: foo
+# san_extra:
+# - "IP:192.0.2.1"
# country_name: "AT"
# locality_name: "Graz"
# organization_name: "spreadspace"
diff --git a/roles/x509/selfsigned/cert/prepare/tasks/main.yml b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
index e7a47742..72999807 100644
--- a/roles/x509/selfsigned/cert/prepare/tasks/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
@@ -31,8 +31,8 @@
privatekey_path: "{{ selfsigned_cert_path }}/{{ selfsigned_cert_name }}-key.pem"
create_subject_key_identifier: "{{ selfsigned_cert_config.cert.create_subject_key_identifier | default(omit) }}"
digest: "{{ selfsigned_cert_config.cert.digest | default(omit) }}"
- common_name: "{{ selfsigned_cert_name }}"
- subject_alt_name: "{{ ['DNS:'] | product(selfsigned_cert_hostnames) | map('join') | list }}"
+ common_name: "{{ selfsigned_cert_config.cert.common_name | default(selfsigned_cert_name) }}"
+ subject_alt_name: "{{ ['DNS:'] | product(selfsigned_cert_hostnames) | map('join') | union(selfsigned_cert_config.cert.san_extra | default([])) | list }}"
subject_alt_name_critical: yes
use_common_name_for_san: no
country_name: "{{ selfsigned_cert_config.cert.country_name | default(omit) }}"
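Review bot: An overridden `common_name` never reaches the SAN list, because `use_common_name_for_san: no` stays in place and `subject_alt_name` is built only from `selfsigned_cert_hostnames` plus `san_extra`. Clients that match names against the SAN only will not accept a name that appears solely in the CN, so I would add a comment above the `common_name:` line, e.g. `# not copied into the SAN; list it in san_extra as "DNS:<name>" if clients must match it`. The `san_extra` entries are also joined in verbatim. A value without a `DNS:`/`IP:` type prefix, or a plain string instead of a list, would presumably only surface as an error inside the module, so an `assert` task on `san_extra` before this one would give a clearer failure. The task itself starts above the hunk and continues below it.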