blob: 4d74ab1f49ffcb02ba24ae4a3eb4849465c2cf4a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
---
static_ca_cert_hostnames: "{{ x509_certificate_hostnames }}"
static_ca_cert_name: "{{ x509_certificate_name | default(static_ca_cert_hostnames[0]) }}"
static_ca_cert_base_dir: "/etc/ssl"
static_ca_cert_default_renew_margin: "+30d"
static_ca_cert_config: "{{ x509_certificate_config }}"
# static_ca_cert_config:
# path: "{{ static_ca_cert_base_dir }}/{{ static_ca_cert_name }}"
# mode: "0750"
# owner: root
# group: www-data
# ca:
# key_content: |
# -----BEGIN RSA PRIVATE KEY-----
# ...
# -----END RSA PRIVATE KEY-----
# cert_content: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# key:
# mode: "0640"
# owner: root
# group: www-data
# type: RSA
# size: 4096
# cert:
# mode: "0644"
# owner: root
# group: www-data
# common_name: foo
# san_extra:
# - "IP:192.0.2.1"
# country_name: "AT"
# locality_name: "Graz"
# organization_name: "spreadspace"
# organizational_unit_name: "ansible"
# state_or_province_name: "Styria"
# basic_constraints:
# - "CA:FALSE"
# basic_constraints_critical: no
# key_usage:
# - digitalSignature
# - keyAgreement
# key_usage_critical: yes
# extended_key_usage:
# - serverAuth
# extended_key_usage_critical: yes
# create_subject_key_identifier: yes
# digest: sha256
# not_before: +0h
# not_after: +520w
# renew_margin: +42d
|