blob: 3024127391943d64dc311d9e906a7278275c08ed (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
---
ownca_cert_hostnames: "{{ x509_certificate_hostnames }}"
ownca_cert_name: "{{ x509_certificate_name | default(ownca_cert_hostnames[0]) }}"
ownca_cert_base_dir: "/etc/ssl"
ownca_cert_default_renew_margin: "+30d"
ownca_cert_config: "{{ x509_certificate_config }}"
# ownca_cert_config:
# path: "{{ ownca_cert_base_dir }}/{{ ownca_cert_name }}"
# mode: "0750"
# owner: root
# group: www-data
# ca:
# key_content: |
# -----BEGIN RSA PRIVATE KEY-----
# ...
# -----END RSA PRIVATE KEY-----
# cert_content: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# key:
# mode: "0640"
# owner: root
# group: www-data
# type: RSA
# size: 4096
# cert:
# mode: "0644"
# owner: root
# group: www-data
# common_name: foo
# san_extra:
# - "IP:192.0.2.1"
# country_name: "AT"
# locality_name: "Graz"
# organization_name: "spreadspace"
# organizational_unit_name: "ansible"
# state_or_province_name: "Styria"
# basic_constraints:
# - "CA:TRUE"
# - "pathLenConstraint:0"
# basic_constraints_critical: no
# key_usage:
# - digitalSignature
# - keyAgreement
# key_usage_critical: yes
# extended_key_usage:
# - serverAuth
# extended_key_usage_critical: yes
# create_subject_key_identifier: yes
# digest: SHA256
# not_before: +0h
# not_after: +520w
# renew_margin: +42d
|