Ansible Role: trippsc2.adcs.signed_certificate

Version: 1.3.0

This role generates a TLS certificate signed by an AD CS certification authority.

The role depends on the trippsc2.general.generate_csr role to generate a private key and CSR.

The role does the following:

  • Runs the trippsc2.general.generate_csr role to generate a private key and CSR, if needed.
  • If the private key and CSR are generated, the role signs the CSR with the AD CS certification authority and stores it in the cert_certificate_content variable.
  • Optionally, the role will save the certificate to a file.

Requirements

| Platform | Versions |
|----------|----------|
| Debian | bullseye, bookworm |
| EL | 8, 9 |
| Windows | 2019, 2022 |
| Ubuntu | focal, jammy, noble |

Dependencies

Role
  • trippsc2.general.generate_csr
Collection
  • ansible.windows
  • trippsc2.general

Role Arguments

| Option | Description | Type | Required | Choices | Default |
|--------|-------------|------|----------|---------|---------|
| cert_signing_ca_hostname | The hostname of the Certificate Authority to sign the certificate. | str | yes | | |
| cert_signing_ca_csr_path | The path to the Certificate Signing Request (CSR) file to sign. | path | no | | C:\Windows\temp{{ inventory_hostname }}.req |
| cert_signing_ca_fqdn | The Fully Qualified Domain Name (FQDN) of the Certificate Authority to sign the certificate. This variable is only used if the cert_signing_ca_config option is not defined. | str | no | | {{ hostvars[cert_signing_ca_hostname].ansible_fqdn }} |
| cert_signing_ca_common_name | The Common Name (CN) of the Certificate Authority to sign the certificate. This variable is only used if the cert_signing_ca_config option is not defined. | str | no | | |
| cert_signing_ca_config | The configuration of the Certificate Authority to sign the certificate. This variable is only used if the cert_signing_ca_fqdn and cert_signing_ca_common_name options are not defined. | str | no | | {{ cert_signing_ca_fqdn }}{{ cert_signing_ca_common_name }} |
| cert_line_break_character | The line break character to use in the certificate. | str | no | | \n |
| cert_certificate_to_file | Whether to save the certificate to a file. If set to true, the certificate will be saved to the cert_certificate_path path. | bool | no | | True |
| cert_certificate_to_variable | Whether to save the certificate to a variable. If set to true, the certificate will be saved to the cert_certificate_content variable. | bool | no | | False |
| cert_certificate_owner | The owner of the certificate on Linux systems. | str | no | | root |
| cert_certificate_group | The group of the certificate on Linux systems. | str | no | | root |
| cert_certificate_mode | The mode of the certificate on Linux systems. | str | no | | 0644 |
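
The playbook below is an added example, not part of the role's own documentation: it runs the role with the arguments listed above and then checks that the issued certificate was really signed by the expected CA and is not self-signed. The host names, the inventory group and the CA common name are constructed. It assumes Linux targets with the community.crypto collection installed, and that the variables of trippsc2.general.generate_csr (documented with that role) are left at their defaults or set elsewhere.

```yaml
---
# Added example; ca01, webservers and the CA common name are constructed values.
- name: Gather facts from the CA so that its ansible_fqdn is available in hostvars
  hosts: ca01                         # hypothetical inventory hostname of the AD CS server
  gather_facts: true

- name: Issue an AD CS-signed TLS certificate and verify its issuer
  hosts: webservers                   # hypothetical inventory group (Linux targets assumed)
  vars:
    # Must be an inventory host: the default cert_signing_ca_fqdn is read from
    # hostvars[cert_signing_ca_hostname].ansible_fqdn.
    cert_signing_ca_hostname: ca01
    cert_signing_ca_common_name: Example Issuing CA   # constructed CA common name
    # Expose the certificate in cert_certificate_content for the checks below.
    cert_certificate_to_variable: true
  roles:
    - role: trippsc2.adcs.signed_certificate
  post_tasks:
    - name: Parse the issued certificate
      community.crypto.x509_certificate_info:
        content: "{{ cert_certificate_content }}"
      register: issued_cert

    - name: Fail if the certificate is self-signed, expired or from an unexpected CA
      ansible.builtin.assert:
        that:
          - issued_cert.issuer != issued_cert.subject
          - issued_cert.issuer.commonName == cert_signing_ca_common_name
          - not issued_cert.expired
        fail_msg: "Unexpected issuer: {{ issued_cert.issuer }}"
```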

License

MIT

Author and Project Information

Jim Tarpley (@trippsc2)