LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
484 Commits
12 Branches
967 KiB
Tree: 17e409a271
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '17e409a271'
${ noResults }
lilik_playbook/roles/ca_cert/defaults/main.yaml

16 lines
652 B
Raw Normal View History

roles/ca_cert: new role! New role to automate generation and issuing of certificate using a `ca_manager` server. Code is more sintentic and concise, and we avoid duplications.
5 years ago
roles/ca_cert: custom algorithm and broker chain Allows custom (non-ed25519) algorithm and verification of broken trust chain, to work with current stable ca_manager implementation.
5 years ago
roles/ca_cert: new role! New role to automate generation and issuing of certificate using a `ca_manager` server. Code is more sintentic and concise, and we avoid duplications.
5 years ago
 
  1. ---

  2. ca_cert_ca_manager_host: 'authorities_request'

  3. ca_cert_common_name: '{{ host_fqdn }}'

  4. ca_cert_proto: 'tls'

  5. ca_cert_client: false

  6. ca_cert_min_days_validity: 30

  7. ca_cert_renew_private_key: true

  8. ca_cert_tls_subj: '{{ openssl_x509_prefix}}/OU=Server/CN={{ ca_cert_common_name }}'

  9. ca_cert_tls_ca_path: '/etc/ssl/root_ca.crt'

  10. ca_cert_tls_key_path: '/etc/ssl/{{ ca_cert_common_name }}.key'

  11. ca_cert_tls_key_algorithm: 'ed25519'

  12. ca_cert_tls_csr_path: '/etc/ssl/{{ ca_cert_common_name }}.csr'

  13. ca_cert_tls_cert_path: '/etc/ssl/{{ ca_cert_common_name }}.crt'

  14. ca_cert_ssh_ca_path: '/etc/ssh/user_ca.pub'

  15. ca_cert_ssh_key_path: '/etc/ssh/ssh_host_ed25519_key'

  16. ...