2 files changed, 6 insertions, 2 deletions

diff --git a/roles/x509/ownca/cert/prepare/defaults/main.yml b/roles/x509/ownca/cert/prepare/defaults/main.yml
index 4953db74..89dced63 100644
--- a/roles/x509/ownca/cert/prepare/defaults/main.yml
+++ b/roles/x509/ownca/cert/prepare/defaults/main.yml
@@ -4,6 +4,7 @@ ownca_cert_name: "{{ x509_certificate_name | default(ownca_cert_hostnames[0]) }}
 
 ownca_cert_base_dir: "/etc/ssl"
 
+ownca_cert_config: "{{ x509_certificate_config }}"
 # ownca_cert_config:
 #   path: "{{ ownca_cert_base_dir }}/{{ ownca_cert_name }}"
 #   mode: "0750"
@@ -28,6 +29,9 @@ ownca_cert_base_dir: "/etc/ssl"
 #     mode: "0644"
 #     owner: root
 #     group: www-data
+#     common_name: foo
+#     san_extra:
+#     - "IP:192.0.2.1"
 #     country_name: "AT"
 #     locality_name: "Graz"
 #     organization_name: "spreadspace"
diff --git a/roles/x509/ownca/cert/prepare/tasks/main.yml b/roles/x509/ownca/cert/prepare/tasks/main.yml
index a2d14ed6..6eb3525f 100644
--- a/roles/x509/ownca/cert/prepare/tasks/main.yml
+++ b/roles/x509/ownca/cert/prepare/tasks/main.yml
@@ -31,8 +31,8 @@
     privatekey_path: "{{ ownca_cert_path }}/{{ ownca_cert_name }}-key.pem"
     create_subject_key_identifier: "{{ ownca_cert_config.cert.create_subject_key_identifier | default(omit) }}"
     digest: "{{ ownca_cert_config.cert.digest | default(omit) }}"
-    common_name: "{{ ownca_cert_name }}"
-    subject_alt_name: "{{ ['DNS:'] | product(ownca_cert_hostnames) | map('join') | list }}"
+    common_name: "{{ ownca_cert_config.cert.common_name | default(ownca_cert_name) }}"
+    subject_alt_name: "{{ ['DNS:'] | product(ownca_cert_hostnames) | map('join') | union(ownca_cert_config.cert.san_extra | default([])) | list }}"
     subject_alt_name_critical: yes
     use_common_name_for_san: no
     country_name: "{{ ownca_cert_config.cert.country_name | default(omit) }}"