switch to csr.json mode

tasks/main.yml

@@ -1,22 +1,32 @@
 - name: include pre_requisite.yml
   import_tasks: pre_requisite.yml
 
-- name: creating cnf file
+- name: creating cfssl config file
   template:
-    src: server.cnf.j2
-    dest: '{{cnf_file}}'
+    src: cfssl.json.j2
+    dest: '{{cfssl_config_file}}'
+    owner: root
+    group: root
+    mode: 0600
+
+- name: creating csr file
+  template:
+    src: csr.json.j2
+    dest: '{{cfssl_csr_file}}'
     owner: root
     group: root
     mode: 0644
 
-- name: create csr and key with openssl
-  shell: 'openssl req -new -newkey rsa:2048 -nodes -sha256 -config {{cnf_file}} -out {{csr_file}} -keyout {{key_file}}'
+- name: generate private key, csr and certificate
+  shell: '{{cfssl_bin_directory}}/cfssl gencert -config {{cfssl_config_file}} -profile "{{cfssl_profile}}" {{cfssl_csr_file}}| cfssljson -bare {{inventory_hostname_short}}'
+  args:
+    chdir: '{{ssl_dir}}'
 
-- name: sign certificate
-  shell: '{{cfssl_bin_directory}}/cfssl sign -remote "{{cfssl_serve_url}}" -profile "{{cfssl_profile}}" {{csr_file}} | cfssljson -bare -stdout > {{cert_file}}'
+- name: move key file to {{key_file}}
+  shell: 'mv {{ssl_dir}}/{{inventory_hostname_short}}-key.pem {{key_file}}'
 
-- name: remove csr in content certificate
-  shell: 'openssl x509 -in {{cert_file}} -out {{cert_file}}'
+- name: move cert file to {{cert_file}}
+  hell: 'mv {{ssl_dir}}/{{inventory_hostname_short}}.pem {{cert_file}}'
 
 - name: recuperate ca certificate
   shell: '{{cfssl_bin_directory}}/cfssl info -remote "{{cfssl_serve_url}}"  | cfssljson -bare -stdout > /usr/local/share/ca-certificates/{{ca_filename}}'