@ -330,3 +330,184 @@
backup : yes
select_crypto_backend : '{{ select_crypto_backend }}'
register : csr_backup_5
- name : Generate CSR with everything
openssl_csr:
path : '{{ output_dir }}/csr_everything.csr'
privatekey_path : '{{ output_dir }}/privatekey.pem'
subject:
commonName : www.example.com
C : de
L : Somewhere
ST : Zurich
streetAddress : Welcome Street
O : Ansible
organizationalUnitName : Crypto Department
serialNumber : "1234"
SN : Last Name
GN : First Name
title : Chief
pseudonym : test
UID : asdf
emailAddress : test@example.com
postalAddress : 1234 Somewhere
postalCode : "1234"
useCommonNameForSAN : no
key_usage:
- digitalSignature
- keyAgreement
- Non Repudiation
- Key Encipherment
- dataEncipherment
- Certificate Sign
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical : yes
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
subject_alt_name:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical : yes
ocsp_must_staple : yes
select_crypto_backend : '{{ select_crypto_backend }}'
register : everything_1
- name : Generate CSR with everything (idempotent, check mode)
openssl_csr:
path : '{{ output_dir }}/csr_everything.csr'
privatekey_path : '{{ output_dir }}/privatekey.pem'
subject:
commonName : www.example.com
C : de
L : Somewhere
ST : Zurich
streetAddress : Welcome Street
O : Ansible
organizationalUnitName : Crypto Department
serialNumber : "1234"
SN : Last Name
GN : First Name
title : Chief
pseudonym : test
UID : asdf
emailAddress : test@example.com
postalAddress : 1234 Somewhere
postalCode : "1234"
useCommonNameForSAN : no
key_usage:
- digitalSignature
- keyAgreement
- Non Repudiation
- Key Encipherment
- dataEncipherment
- Certificate Sign
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical : yes
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
subject_alt_name:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical : yes
ocsp_must_staple : yes
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
register : everything_2
- name : Generate CSR with everything (idempotent)
openssl_csr:
path : '{{ output_dir }}/csr_everything.csr'
privatekey_path : '{{ output_dir }}/privatekey.pem'
subject:
commonName : www.example.com
C : de
L : Somewhere
ST : Zurich
streetAddress : Welcome Street
O : Ansible
organizationalUnitName : Crypto Department
serialNumber : "1234"
SN : Last Name
GN : First Name
title : Chief
pseudonym : test
UID : asdf
emailAddress : test@example.com
postalAddress : 1234 Somewhere
postalCode : "1234"
useCommonNameForSAN : no
key_usage:
- digitalSignature
- keyAgreement
- Non Repudiation
- Key Encipherment
- dataEncipherment
- Certificate Sign
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical : yes
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
subject_alt_name:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical : yes
ocsp_must_staple : yes
select_crypto_backend : '{{ select_crypto_backend }}'
register : everything_3
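Review bot: The three `openssl_csr` tasks registered as `everything_1`, `everything_2` and `everything_3` carry verbatim copies of the same argument block, so a later edit to one copy would make the idempotency runs report a change (or hide one) for reasons unrelated to the module. Anchoring the arguments once, with `openssl_csr: &csr_everything` on the first task and `openssl_csr: *csr_everything` on the other two, keeps them identical by construction; `check_mode` and `register` stay per task. The mixed spellings in `key_usage` and `extended_key_usage` look intentional (the `serverAuth` comment suggests alias normalisation is being exercised), so a comment such as `# long and short names are mixed on purpose to test name normalisation` above each list would stop a later cleanup from unifying them. The asserts on these registers are not in this hunk, and idempotency only shows that the module's writer and comparer agree with each other. It is worth confirming that the validation also inspects the CSR independently (for example with `openssl req -noout -text -in`) for the critical flags on keyUsage and basicConstraints and for the must-staple extension.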