fix role
		
							parent
							
								
									f2816881b3
								
							
						
					
					
						commit
						a171adff47
					
				
					 5 changed files with 78 additions and 78 deletions
				
			
		| 
						 | 
				
			
			@ -1,25 +1,24 @@
 | 
			
		|||
---
 | 
			
		||||
cfssl_version: 1.6.3
 | 
			
		||||
cfssl_bin_directory: /usr/bin
 | 
			
		||||
cfssl_port: 8888
 | 
			
		||||
cfssl_bin_directory: '/usr/bin'
 | 
			
		||||
cfssl_port: '8888'
 | 
			
		||||
cfssl_auth_key: "0123456789ABCDEF0123456789ABCDEF"
 | 
			
		||||
 | 
			
		||||
pki_dir: /opt/cfssl
 | 
			
		||||
pki_dir: '/opt/cfssl'
 | 
			
		||||
 | 
			
		||||
pki_key:
 | 
			
		||||
    algo: rsa
 | 
			
		||||
    algo: 'rsa'
 | 
			
		||||
    size: 4096
 | 
			
		||||
 | 
			
		||||
pki_names:
 | 
			
		||||
  - C: FR
 | 
			
		||||
  - C: 'FR'
 | 
			
		||||
    L: 'Paris'
 | 
			
		||||
    O: 'Acme'
 | 
			
		||||
    OU: 'IT'
 | 
			
		||||
 | 
			
		||||
pki_ca:
 | 
			
		||||
  cname: My Internal Certification Authority
 | 
			
		||||
  expiry: 262800h
 | 
			
		||||
  cname: 'My Internal Certification Authority'
 | 
			
		||||
  expiry: '262800h'
 | 
			
		||||
 | 
			
		||||
pki_intermediate_ca:
 | 
			
		||||
  cname: My Intermediate Internal Certification Authority
 | 
			
		||||
  expirity: 262800h
 | 
			
		||||
  cname: 'My Intermediate Internal Certification Authority'
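Review bot: `cfssl_auth_key` near the top of this hunk still ships a fixed value, `"0123456789ABCDEF0123456789ABCDEF"`, as the role default, so any deployment that does not override it authenticates signing requests with a key that is readable in the repository. The commit quotes the neighbouring values but leaves this one as it was. I would drop the default and have the role fail early when it is unset, for example an `assert` task with `that: cfssl_auth_key is defined`, with the real value supplied from Ansible Vault or another secret store. A comment such as `# cfssl_auth_key: hex string, must be set per deployment (no default)` would document the requirement.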
 | 
			
		||||
| 
						 | 
				
			
			@ -92,16 +92,19 @@
 | 
			
		|||
  shell: '{{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca'
 | 
			
		||||
  args:
 | 
			
		||||
    chdir: '{{pki_dir}}/CA/'
 | 
			
		||||
    creates: '{{pki_dir}}/CA/ca-key.pem'
 | 
			
		||||
 | 
			
		||||
- name: create intermediate certificate authority key pair and CSR, autosign it
 | 
			
		||||
  shell: '{{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca-server'
 | 
			
		||||
  args:
 | 
			
		||||
    chdir: '{{pki_dir}}/CA/'
 | 
			
		||||
    creates: '{{pki_dir}}/CA/ca-server-key.pem'
 | 
			
		||||
 | 
			
		||||
- name: create sqlite3 database
 | 
			
		||||
  shell: 'cat {{pki_dir}}/data/init.sql | sqlite3 {{pki_dir}}/data/certdb.db'
 | 
			
		||||
  args:
 | 
			
		||||
    chdir: '{{pki_dir}}/CA/'
 | 
			
		||||
    creates: '{{pki_dir}}/data/certdb.db'
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
- name: Change owner of ca-server.pem by cfssl
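Review bot: The root key `{{pki_dir}}/CA/ca-key.pem` is generated in the same directory as the intermediate pair, and none of the tasks visible in this hunk sets an owner or mode on it. Only the intermediate `ca-server` material appears to be handed to the cfssl service, so the root key should be pinned explicitly with a `file` task carrying `owner: root` and `mode: '0600'`, or moved off the host once the intermediate is signed. Separately, `cat {{pki_dir}}/data/init.sql | sqlite3 ...` reports only the exit status of `sqlite3`; `sqlite3 {{pki_dir}}/data/certdb.db < {{pki_dir}}/data/init.sql` makes a missing `init.sql` fail the task before the `creates:` guard can mask it. The first task and the final `Change owner` task begin and end outside the hunk.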
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -2,7 +2,7 @@
 | 
			
		|||
  "auth_keys": {
 | 
			
		||||
    "key_srv": {
 | 
			
		||||
      "type": "standard",
 | 
			
		||||
        "key":"{{cfssl_auth_key}}"
 | 
			
		||||
      "key": "{{cfssl_auth_key}}"
 | 
			
		||||
    }
 | 
			
		||||
  },
 | 
			
		||||
  "signing": {
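Review bot: The `"key"` line still interpolates `{{cfssl_auth_key}}` raw between hand-written quotes, while the CSR templates in this same commit pass every value through `to_json`. A value containing a quote or backslash would produce invalid or altered JSON; `"key": {{ cfssl_auth_key | to_json }}` keeps the escaping consistent. The rendered file holds the signing auth key, so the task that templates it (not visible here) should write it with a restrictive mode and owner. The enclosing JSON object starts and ends outside the hunk.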
 | 
			
		||||
| 
						 | 
				
			
			@ -68,5 +68,4 @@
 | 
			
		|||
      }
 | 
			
		||||
    }
 | 
			
		||||
  }
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -1,6 +1,6 @@
 | 
			
		|||
{
 | 
			
		||||
    "CN": {{pki_ca.cname | to_json}},
 | 
			
		||||
    "key" : {{pki_key | to_json}},
 | 
			
		||||
    "names" : {{pki_names | to_json}},
 | 
			
		||||
    "ca": {"expiry": "{{pki_ca.expiry | to_json}}"}
 | 
			
		||||
    "key": {{pki_key | to_json}},
 | 
			
		||||
    "names": {{pki_names | to_json}},
 | 
			
		||||
    "ca": {"expiry": {{pki_ca.expiry | to_json}}}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,6 +1,5 @@
 | 
			
		|||
{
 | 
			
		||||
    "CN": {{pki_intermediate_ca.cname | to_json}},
 | 
			
		||||
    "key" : {{pki_key | to_json}},
 | 
			
		||||
    "names" : {{pki_names | to_json}},
 | 
			
		||||
    "ca": {"expiry": "{{pki_intermediate_ca.expiry | to_json}}"}
 | 
			
		||||
    "key": {{pki_key | to_json}},
 | 
			
		||||
    "names": {{pki_names | to_json}}
 | 
			
		||||
}
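Review bot: With the `"ca": {"expiry": ...}` entry gone, nothing in this template or in the visible defaults states how long the intermediate certificate is valid. The lifetime presumably now comes only from the `intermediate_ca` signing profile referenced by the `gencert -profile="intermediate_ca"` task, and that profile is not shown in these hunks. A template comment such as `{# validity and CA constraints come from the intermediate_ca profile in cfssl.json #}` would record that. It is also worth confirming that the profile sets an expiry shorter than the root's `262800h` and constrains the path length.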
 | 
			
		||||