Merge "Allow to provide passphrase for keys"
commit
a36c3b328e
@ -45,6 +45,8 @@
|
|||||||
- name: Generate CA private key for {{ ca.name }}
|
- name: Generate CA private key for {{ ca.name }}
|
||||||
community.crypto.openssl_privatekey:
|
community.crypto.openssl_privatekey:
|
||||||
path: "{{ ca_dir ~ '/private/' ~ ca.name ~ '.key.pem' }}"
|
path: "{{ ca_dir ~ '/private/' ~ ca.name ~ '.key.pem' }}"
|
||||||
|
passphrase: "{{ ca.key_passphrase | default(omit) }}"
|
||||||
|
cipher: "{{ ('key_passphrase' in ca and ca.key_passphrase) | ternary('auto', omit) }}"
|
||||||
register: ca_privkey
|
register: ca_privkey
|
||||||
|
|
||||||
- name: Read the serial number for {{ ca.name }}
|
- name: Read the serial number for {{ ca.name }}
|
||||||
@ -56,6 +58,7 @@
|
|||||||
community.crypto.openssl_csr:
|
community.crypto.openssl_csr:
|
||||||
path: "{{ ca_dir }}/csr/ca_csr-{{ next_serial_no }}.csr"
|
path: "{{ ca_dir }}/csr/ca_csr-{{ next_serial_no }}.csr"
|
||||||
privatekey_path: "{{ ca_privkey.filename }}"
|
privatekey_path: "{{ ca_privkey.filename }}"
|
||||||
|
privatekey_passphrase: "{{ ca.key_passphrase | default(omit) }}"
|
||||||
common_name: "{{ ca.cn }}"
|
common_name: "{{ ca.cn }}"
|
||||||
basic_constraints_critical: yes
|
basic_constraints_critical: yes
|
||||||
basic_constraints: "{{ ca.basic_constraints }}"
|
basic_constraints: "{{ ca.basic_constraints }}"
|
||||||
@ -82,6 +85,7 @@
|
|||||||
csr_path: "{{ ca_csr.filename }}"
|
csr_path: "{{ ca_csr.filename }}"
|
||||||
provider: 'selfsigned'
|
provider: 'selfsigned'
|
||||||
privatekey_path: "{{ ca_privkey.filename }}"
|
privatekey_path: "{{ ca_privkey.filename }}"
|
||||||
|
privatekey_passphrase: "{{ ca.key_passphrase | default(omit) }}"
|
||||||
selfsigned_not_after: "{{ ca.not_after }}"
|
selfsigned_not_after: "{{ ca.not_after }}"
|
||||||
register: ca_selfsigned_crt
|
register: ca_selfsigned_crt
|
||||||
when:
|
when:
|
||||||
@ -97,6 +101,7 @@
|
|||||||
csr_path: "{{ ca_csr.filename }}"
|
csr_path: "{{ ca_csr.filename }}"
|
||||||
provider: 'ownca'
|
provider: 'ownca'
|
||||||
ownca_privatekey_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/private/' ~ ca.signed_by ~ '.key.pem' }}"
|
ownca_privatekey_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/private/' ~ ca.signed_by ~ '.key.pem' }}"
|
||||||
|
ownca_privatekey_passphrase: "{{ ca.ownca_key_passphrase | default(omit) }}"
|
||||||
ownca_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/certs/' ~ ca.signed_by ~ '.crt' }}"
|
ownca_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/certs/' ~ ca.signed_by ~ '.crt' }}"
|
||||||
ownca_not_after: "{{ ca.not_after }}"
|
ownca_not_after: "{{ ca.not_after }}"
|
||||||
register: ca_ownca_crt
|
register: ca_ownca_crt
|
||||||
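Review bot: Setting `ca.key_passphrase` for a CA whose key file already exists unencrypted will, under the module's default `regenerate: full_idempotence`, replace the CA private key instead of encrypting it, because an existing key that does not match the requested passphrase is treated as non-conforming. The "Generate CA private key" task shows no `regenerate` option in the visible lines, so certificates already issued by that CA would stop validating after the next run. Consider adding `regenerate: fail` (or `never`) to this task so a passphrase mismatch stops the play rather than minting a new key, and document that an existing key has to be re-encrypted out of band. The certificate key task in the other file behaves the same way, with smaller impact.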
|
@ -25,6 +25,8 @@
|
|||||||
- name: Generate certificate private key for {{ cert.name }}
|
- name: Generate certificate private key for {{ cert.name }}
|
||||||
community.crypto.openssl_privatekey:
|
community.crypto.openssl_privatekey:
|
||||||
path: "{{ cert_dir ~ '/private/' ~ cert.name ~ '.key.pem' }}"
|
path: "{{ cert_dir ~ '/private/' ~ cert.name ~ '.key.pem' }}"
|
||||||
|
passphrase: "{{ cert.key_passphrase | default(omit) }}"
|
||||||
|
cipher: "{{ ('key_passphrase' in cert and cert.key_passphrase) | ternary('auto', omit) }}"
|
||||||
force: "{{ pki_regen_cert == cert.name or ((pki_regen_cert | lower) == 'true') }}"
|
force: "{{ pki_regen_cert == cert.name or ((pki_regen_cert | lower) == 'true') }}"
|
||||||
register: cert_privkey
|
register: cert_privkey
|
||||||
|
|
||||||
@ -32,6 +34,7 @@
|
|||||||
community.crypto.openssl_csr:
|
community.crypto.openssl_csr:
|
||||||
path: "{{ cert_dir ~ '/csr/' ~ cert.name ~ '.csr' }}"
|
path: "{{ cert_dir ~ '/csr/' ~ cert.name ~ '.csr' }}"
|
||||||
privatekey_path: "{{ cert_privkey.filename }}"
|
privatekey_path: "{{ cert_privkey.filename }}"
|
||||||
|
privatekey_passphrase: "{{ cert.key_passphrase | default(omit) }}"
|
||||||
common_name: "{{ cert.cn | default(omit) }}"
|
common_name: "{{ cert.cn | default(omit) }}"
|
||||||
basic_constraints_critical: yes
|
basic_constraints_critical: yes
|
||||||
basic_constraints: "{{ cert.basic_constraints | default(omit) }}"
|
basic_constraints: "{{ cert.basic_constraints | default(omit) }}"
|
||||||
@ -53,6 +56,7 @@
|
|||||||
csr_path: "{{ cert_csr.filename }}"
|
csr_path: "{{ cert_csr.filename }}"
|
||||||
ownca_path: "{{ _ca_file }}"
|
ownca_path: "{{ _ca_file }}"
|
||||||
ownca_privatekey_path: "{{ pki_dir ~ '/roots/' ~ cert.signed_by ~ '/private/' ~ cert.signed_by ~ '.key.pem' }}"
|
ownca_privatekey_path: "{{ pki_dir ~ '/roots/' ~ cert.signed_by ~ '/private/' ~ cert.signed_by ~ '.key.pem' }}"
|
||||||
|
ownca_privatekey_passphrase: "{{ cert.ownca_key_passphrase | default(omit) }}"
|
||||||
provider: ownca
|
provider: ownca
|
||||||
force: "{{ pki_regen_cert == cert.name or ((pki_regen_cert | lower) == 'true') }}"
|
force: "{{ pki_regen_cert == cert.name or ((pki_regen_cert | lower) == 'true') }}"
|
||||||
register: cert_crt
|
register: cert_crt
|
||||||
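Review bot: `passphrase` and `cipher` in the "Generate certificate private key" task use different tests, so an empty `cert.key_passphrase` is handled inconsistently: `default(omit)` only omits an undefined value and passes `''` through, while the `cipher` expression omits on any falsy value. Depending on how the module treats that combination, the run either fails because cipher and passphrase are expected together, or writes a key without encryption although a passphrase variable was defined (for instance a lookup that returned nothing). Using `passphrase: "{{ cert.key_passphrase | default(omit, true) }}"` makes both parameters follow the same truthiness test. The same applies to `ca.key_passphrase` in the CA key task and to the `privatekey_passphrase` and `ownca_privatekey_passphrase` lines in both files.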
|