2022-12-16 16:51:39 +00:00
|
|
|
ansible-role-cfssl
|
|
|
|
|
==================
|
2022-12-16 15:48:59 +00:00
|
|
|
|
2022-12-16 16:51:39 +00:00
|
|
|
Installes CFSSL (CloudFlare's PKI toolkit) binaries and generate certificate :
|
|
|
|
|
- Self Signed Root CA
|
|
|
|
|
- CA Signed Client Certificates
|
2022-12-16 15:48:59 +00:00
|
|
|
|
|
|
|
|
|
2022-12-16 16:51:39 +00:00
|
|
|
Role Variables
|
|
|
|
|
--------------
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
#Specifies the version of CFSSL toolkit we want to download and use
|
|
|
|
|
cfssl_version: "1.6.3"
|
|
|
|
|
|
|
|
|
|
# The directory where CFSSL binaries will be installed
|
|
|
|
|
cfssl_bin_directory: /usr/bin
|
|
|
|
|
|
|
|
|
|
# The CA directory where we will store CA, and Client certificates/keys.
|
|
|
|
|
pki_dir: /opt/cfssl
|
|
|
|
|
|
|
|
|
|
# The Certificates Key Algos for both CA and Client certificates.
|
|
|
|
|
pki_key:
|
|
|
|
|
algo: rsa
|
|
|
|
|
size: 4096
|
|
|
|
|
|
|
|
|
|
# The CA Certificate Object and the default Client Certificate Object.
|
|
|
|
|
pki_names:
|
|
|
|
|
- C: FR
|
|
|
|
|
L: 'Paris'
|
|
|
|
|
O: 'Acme'
|
|
|
|
|
OU: IT
|
|
|
|
|
|
|
|
|
|
pki_ca:
|
|
|
|
|
cname: My Internal Certification Authority
|
|
|
|
|
|
|
|
|
|
# The properties of the CA
|
|
|
|
|
pki_ca:
|
|
|
|
|
cname: My Internal Certification Authority
|
|
|
|
|
expiry: 262800h (30 Years)
|
|
|
|
|
|
|
|
|
|
# The properties of the Intermediate CA
|
|
|
|
|
pki_intermediate_ca:
|
|
|
|
|
cname: My Intermediate Internal Certification Authority
|
|
|
|
|
expiry: 262800h (30 Years)
|
|
|
|
|
|
|
|
|
|
```
|
