From f0718f3ceceec13a03b54b8d6d0abd2dac929fc3 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 20 Dec 2023 11:53:07 +0100
Subject: x509: add new role managed-ca
---
.../x509/managed-ca/cert/prepare/defaults/main.yml | 49 ++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 roles/x509/managed-ca/cert/prepare/defaults/main.yml
(limited to 'roles/x509/managed-ca/cert/prepare/defaults')
diff --git a/roles/x509/managed-ca/cert/prepare/defaults/main.yml b/roles/x509/managed-ca/cert/prepare/defaults/main.yml
new file mode 100644
index 00000000..8664e7c9
--- /dev/null
+++ b/roles/x509/managed-ca/cert/prepare/defaults/main.yml
@@ -0,0 +1,49 @@
+---
+managed_ca_cert_hostnames: "{{ x509_certificate_hostnames }}"
+managed_ca_cert_name: "{{ x509_certificate_name | default(managed_ca_cert_hostnames[0]) }}"
+
+managed_ca_cert_base_dir: "/etc/ssl"
+
+managed_ca_cert_default_renew_margin: "+30d"
+managed_ca_cert_config: "{{ x509_certificate_config }}"
+# managed_ca_cert_config:
+# path: "{{ managed_ca_cert_base_dir }}/{{ managed_ca_cert_name }}"
+# mode: "0750"
+# owner: root
+# group: www-data
+# ca:
+# host: inventory_name_of_ca_host
+# name: my-ca
+# key:
+# mode: "0640"
+# owner: root
+# group: www-data
+# type: RSA
+# size: 4096
+# cert:
+# mode: "0644"
+# owner: root
+# group: www-data
+# common_name: foo
+# san_extra:
+# - "IP:192.0.2.1"
+# country_name: "AT"
+# locality_name: "Graz"
+# organization_name: "spreadspace"
+# organizational_unit_name: "ansible"
+# state_or_province_name: "Styria"
+# basic_constraints:
+# - "CA:FALSE"
+# basic_constraints_critical: no
+# key_usage:
+# - digitalSignature
+# - keyAgreement
+# key_usage_critical: yes
+# extended_key_usage:
+# - serverAuth
+# extended_key_usage_critical: yes
+# create_subject_key_identifier: yes
+# digest: sha256
+# not_before: +0h
+# not_after: +520w
+# renew_margin: +42d
-- cgit v1.2.3
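Review bot: The commented example for `managed_ca_cert_config` gives a `serverAuth` leaf certificate `not_after: +520w`, roughly ten years, and examples in a defaults file tend to be copied as they stand; a shorter value such as `not_after: +52w` limits how long a leaked key stays usable, and the `renew_margin` setting suggests renewal is meant to be automated (how renewal and revocation work is not visible in this file). In the same example `key_usage` lists `keyAgreement` next to `type: RSA`; for an RSA TLS server key the usual set is `digitalSignature`, plus `keyEncipherment` if RSA key exchange is still needed. `managed_ca_cert_name` falls back to `managed_ca_cert_hostnames[0]`, which fails at template time on an empty list and would carry a wildcard entry into the example's `path`, so a comment such as `# x509_certificate_hostnames must be non-empty; set x509_certificate_name when the first entry is a wildcard` above it would help. The example's `yes`/`no` values are better written as `true`/`false`.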