Skip to content
/ openssl-pki Public

An Ansible role for creating and deploying a SSL infrastructure

5 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dggreenbaum/openssl-pki

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
defaults
defaults
 
 
files
files
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 

Repository files navigation

OpenSSL PKI

Ansible Galaxy Build Status

This role sets up a root certificate authority (CA), an intermediate CA, and an arbitrary number SSL/TLS keys and certificates signed by the intermediate CA.

Requirements

Requires a Unix like operating system. (Linux/OSX) The latest Debian/Ubuntu and MacOS are supported.

This role will attempt to install the openssl package or equivalent for your operating system. If your operating system does not have an openssl package (EG Windows) this role won't work.

Role Variables

CA Location Default
openssl_pki_certs_ca_root_dir "{{ ansible_env.HOME }}/ca"
openssl_pki_certs_server_root_dir "/srv/keys"
CA Names Default
openssl_pki_ca_name "ca"
openssl_pki_intermediate_ca_name "intermediate"
Cert Fields Default
openssl_pki_country "US"
openssl_pki_locality "Phoenix"
openssl_pki_organization "Example\ LLC"
openssl_pki_state "Arizona"
CA Common Names Default
openssl_pki_ca_common_name "Example\ LLC\ Certificate\ Authority"
openssl_pki_intermediate_common_name "Example\ LLC\ Intermediate\ Certificate\ Authority"
Server Common Name Default
openssl_pki_server_common_name "{{ inventory_hostname }}"
Server Alternative Names Default
openssl_pki_server_alternative_names ["{{ ansible_hostname }}"]
openssl_pki_server_alternative_ips ["{{ ansible_all_ipv4_addresses }}"]
Cert lifespan Default
openssl_pki_server_cert_days "365"
openssl_pki_intermediate_cert_days "3650"
openssl_pki_ca_days "7300"
Hashing method Default
openssl_pki_hash_type "sha256"
File modes Default
openssl_pki_private_dir_mode "0700"
openssl_pki_ca_key_mode "0400"
openssl_pki_ca_cert_mode "0444"
openssl_pki_intermediate_key_mode "0400"
openssl_pki_intermediate_cert_mode "0444"
openssl_pki_intermediate_chain_mode "0444"
openssl_pki_server_key_mode "0444"
openssl_pki_server_cert_mode "0444"
Key Strength Default
opsnssl_pki_ca_key_strength "4096"
opsnssl_pki_intermediate_key_strength "4096"
opsnssl_pki_server_key_strength "2048"

Dependencies

This role should not have any role dependencies.

Example Playbook

banana banana banana

License

BSD

About

An Ansible role for creating and deploying a SSL infrastructure

Topics

tls ssl ansible openssl ansible-role ssl-certificate tls-certificate

Resources

Readme
Activity

Stars

5 stars

Watchers

5 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •