Ansible Collection to create an OpenSSL Certificate Authority and sign client certificates.
The collection was tested with Ansible versions >=2.9.10.
The following Python module requirements are needed on the host that executes this collection:
- Either cryptography >= 1.2.3
- Or pyOpenSSL
You can install the collection with the Ansible Galaxy CLI:
```bash
ansible-galaxy collection install rhjhunt.opensslca
```
You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format:
```yaml
---
collections:
  - name: rhjhunt.opensslca
```
| Name | Description |
|---|---|
| rhjhunt.opensslca.rootca | Create a Root Certificate Authority |
| rhjhunt.opensslca.clientcert | Create and sign client certificates with the root CA |
You can use the following example to create a Certificate Authority.
```yaml
- name: Certificate Authority
  hosts: localhost
  become: yes
  roles:
    - role: rhjhunt.opensslca.rootca
      vars:
        rootca_country: US
        rootca_email: [email protected]
        rootca_state_or_province: CA
        rootca_org: Example Inc.
        rootca_password: changeme
```
You can use the following example to create a client certificate and sign the certificate.
```yaml
- name: Certificate Authority
  hosts: localhost
  become: yes
  roles:
    - role: rhjhunt.opensslca.clientcert
      vars:
        clientcert_country: US
        clientcert_email: [email protected]
        clientcert_state_or_province: CA
        clientcert_org: Example Inc.
        rootca_password: changeme
        clientcert_hostname: server.example.com
```
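
Both examples above keep `rootca_password` in plain text in the playbook. The following added example (not part of the collection's own documentation) runs the same two roles with the password taken from a run-time prompt so it is never stored in the repository; `ca_password_input` is a hypothetical variable name and the e-mail address is a constructed placeholder.

```yaml
---
# Added example: both roles from this README, with the CA password prompted
# at run time instead of being stored in the playbook.
- name: Certificate Authority and client certificate
  hosts: localhost
  become: yes
  vars_prompt:
    - name: ca_password_input        # hypothetical variable name
      prompt: Root CA password
      private: yes                   # do not echo the input
      confirm: yes                   # ask twice to catch typos
  roles:
    - role: rhjhunt.opensslca.rootca
      vars:
        rootca_country: US
        rootca_email: ca-admin@example.com   # constructed placeholder address
        rootca_state_or_province: CA
        rootca_org: Example Inc.
        rootca_password: "{{ ca_password_input }}"
    - role: rhjhunt.opensslca.clientcert
      vars:
        clientcert_country: US
        clientcert_email: ca-admin@example.com   # constructed placeholder address
        clientcert_state_or_province: CA
        clientcert_org: Example Inc.
        rootca_password: "{{ ca_password_input }}"
        clientcert_hostname: server.example.com
```

For unattended runs, the same variable can come from a file encrypted with `ansible-vault` and loaded through `vars_files`.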