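---
# Issue one TLS key/CSR/certificate/PKCS#12 bundle per short hostname in
# `dns_hostname`, signed by the local CA at /etc/pki/tls/private/CA.pem.
#
# Variables expected from the inventory / caller:
#   dns_hostname   - list of short hostnames to issue certificates for
#   dns_domain     - DNS domain appended to each hostname
#   cert_*         - X.509 subject fields
#   ca_passphrase  - passphrase protecting the CA private key (CA.key)
#
# File modes: material that contains a private key (.key, .pfx) is created
# 0600 so only root can read it; the CSR and the certificate are public
# artefacts and stay 0644.
- name: ssl certificates generate
  hosts: localhost
  become: true
  gather_facts: false
  tasks:
    - name: rsa private key generate
      community.crypto.openssl_privatekey:
        path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.key"
        type: RSA
        size: 4096
        # A private key must not be world-readable.
        mode: "0600"
      loop: "{{ dns_hostname }}"

    - name: csr (certificate signing request) generate
      community.crypto.openssl_csr:
        path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.csr"
        privatekey_path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.key"
        common_name: "{{ item }}.{{ dns_domain }}"
        country_name: "{{ cert_country_code }}"
        state_or_province_name: "{{ cert_state_name }}"
        locality_name: "{{ cert_locality_name }}"
        organization_name: "{{ cert_organization_name }}"
        organizational_unit_name: "{{ cert_organizational_unit_name }}"
        email_address: "{{ cert_email_address }}"
        # SAN must cover the FQDN; modern clients ignore the CN for host matching.
        subject_alt_name:
          - "DNS:{{ item }}.{{ dns_domain }}"
        mode: "0644"
      loop: "{{ dns_hostname }}"

    - name: ca-signed certificate generate
      community.crypto.x509_certificate:
        path: "/etc/pki/tls/certs/{{ item }}-{{ dns_domain }}.crt"
        privatekey_path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.key"
        csr_path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.csr"
        provider: ownca
        ownca_path: "/etc/pki/tls/private/CA.pem"
        ownca_privatekey_path: "/etc/pki/tls/private/CA.key"
        ownca_privatekey_passphrase: "{{ ca_passphrase }}"
        # With provider=ownca the validity window is set by the ownca_* options;
        # the selfsigned_* options only apply to provider=selfsigned and were
        # silently ignored, so the intended -1d/+3650d window never took effect.
        ownca_not_before: "-1d"
        ownca_not_after: "+3650d"
        mode: "0644"
      loop: "{{ dns_hostname }}"

    - name: pkcs12 file generate
      community.crypto.openssl_pkcs12:
        path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.pfx"
        privatekey_path: "/etc/pki/tls/private/{{ item }}-{{ dns_domain }}.key"
        certificate_path: "/etc/pki/tls/certs/{{ item }}-{{ dns_domain }}.crt"
        friendly_name: "{{ item }}.{{ dns_domain }}"
        # The .pfx bundles the private key, so it needs the same protection as the .key file.
        mode: "0600"
      loop: "{{ dns_hostname }}"
...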