---
# Defaults for a certificate issued by a locally held CA, as the "ownca"
# prefix and the `ca` section of the example below suggest. Every live
# value is derived from the caller-supplied x509_certificate_* variables.

# Host names for the certificate. The first entry is used as the
# certificate name when x509_certificate_name is not defined.
ownca_cert_hostnames: "{{ x509_certificate_hostnames }}"
ownca_cert_name: "{{ x509_certificate_name | default(ownca_cert_hostnames[0]) }}"

# Base directory; the example `path` below is built from it.
ownca_cert_base_dir: '/etc/ssl'

# Presumably the fallback used when the config has no `renew_margin`;
# confirm against the role's tasks.
ownca_cert_default_renew_margin: '+30d'

# Certificate configuration, passed through unchanged from the caller.
ownca_cert_config: "{{ x509_certificate_config }}"

# Example structure for ownca_cert_config. The nesting is reconstructed
# from the key names; verify it against the role's tasks.
#
# Review notes on the example values:
#  - ca.key_content is the CA's private key. Supply it from an encrypted
#    source (e.g. Ansible Vault); never commit it in plaintext.
#  - key.mode "0640" with group www-data lets every member of that group
#    read the certificate's private key; keep the group as narrow as the
#    consuming service allows.
#  - "CA:TRUE" in basic_constraints makes the issued certificate a CA
#    itself. For an ordinary server certificate use "CA:FALSE". If CA:TRUE
#    is intended, basic_constraints_critical should be true as well.
#  - not_after "+520w" is roughly ten years; prefer a shorter lifetime
#    when renewal is automated through renew_margin.
#
# ownca_cert_config:
#   path: "{{ ownca_cert_base_dir }}/{{ ownca_cert_name }}"
#   mode: "0750"
#   owner: root
#   group: www-data
#   ca:
#     key_content: |
#       -----BEGIN RSA PRIVATE KEY-----
#       ...
#       -----END RSA PRIVATE KEY-----
#     cert_content: |
#       -----BEGIN CERTIFICATE-----
#       ...
#       -----END CERTIFICATE-----
#   key:
#     mode: "0640"
#     owner: root
#     group: www-data
#     type: RSA
#     size: 4096
#   cert:
#     mode: "0644"
#     owner: root
#     group: www-data
#     common_name: foo
#     san_extra:
#       - "IP:192.0.2.1"
#     country_name: "AT"
#     locality_name: "Graz"
#     organization_name: "spreadspace"
#     organizational_unit_name: "ansible"
#     state_or_province_name: "Styria"
#     basic_constraints:
#       - "CA:TRUE"
#       - "pathLenConstraint:0"
#     basic_constraints_critical: false
#     key_usage:
#       - digitalSignature
#       - keyAgreement
#     key_usage_critical: true
#     extended_key_usage:
#       - serverAuth
#     extended_key_usage_critical: true
#     create_subject_key_identifier: true
#     digest: SHA256
#     not_before: "+0h"
#     not_after: "+520w"
#     renew_margin: "+42d"