--- - name: Generate CA privatekey openssl_privatekey: path: '{{ output_dir }}/ca_privatekey.pem' - name: Generate CA CSR openssl_csr: path: '{{ output_dir }}/ca_csr.csr' privatekey_path: '{{ output_dir }}/ca_privatekey.pem' subject: commonName: Example CA useCommonNameForSAN: no basic_constraints: - 'CA:TRUE' basic_constraints_critical: yes - name: Generate selfsigned CA certificate openssl_certificate: path: '{{ output_dir }}/ca_cert.pem' csr_path: '{{ output_dir }}/ca_csr.csr' privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: selfsigned selfsigned_digest: sha256 - name: Generate ownca certificate openssl_certificate: path: '{{ output_dir }}/ownca_cert.pem' csr_path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 register: ownca_certificate - name: Generate ownca certificate openssl_certificate: path: '{{ output_dir }}/ownca_cert.pem' csr_path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 register: ownca_certificate_idempotence - name: Generate ownca certificate (check mode) openssl_certificate: path: '{{ output_dir }}/ownca_cert.pem' csr_path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 check_mode: yes - name: Check ownca certificate openssl_certificate: path: '{{ output_dir }}/ownca_cert.pem' privatekey_path: '{{ output_dir }}/privatekey.pem' provider: assertonly has_expired: False version: 3 signature_algorithms: - sha256WithRSAEncryption - sha256WithECDSAEncryption subject: commonName: www.example.com issuer: commonName: Example CA - name: Generate ownca v2 certificate openssl_certificate: path: '{{ output_dir }}/ownca_cert_v2.pem' csr_path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 ownca_version: 2 - name: Generate ownca certificate2 openssl_certificate: path: '{{ output_dir }}/ownca_cert2.pem' csr_path: '{{ output_dir }}/csr2.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - name: Check ownca certificate2 openssl_certificate: path: '{{ output_dir }}/ownca_cert2.pem' privatekey_path: '{{ output_dir }}/privatekey2.pem' provider: assertonly has_expired: False version: 3 signature_algorithms: - sha256WithRSAEncryption - sha256WithECDSAEncryption subject: commonName: www.example.com C: US ST: California L: Los Angeles O: ACME Inc. OU: - Roadrunner pest control - Pyrotechnics keyUsage: - digitalSignature extendedKeyUsage: - ipsecUser - biometricInfo issuer: commonName: Example CA - name: Create ownca certificate with notBefore and notAfter openssl_certificate: provider: ownca ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z path: "{{ output_dir }}/ownca_cert3.pem" csr_path: "{{ output_dir }}/csr.csr" privatekey_path: "{{ output_dir }}/privatekey3.pem" ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' - name: Generate ownca ECC certificate openssl_certificate: path: '{{ output_dir }}/ownca_cert_ecc.pem' csr_path: '{{ output_dir }}/csr_ecc.csr' privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' ownca_path: '{{ output_dir }}/ca_cert.pem' ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 register: ownca_certificate_ecc - import_tasks: ../tests/validate_ownca.yml