Commit 265dee69 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal
Browse files

wip ssl

parent 6d206673
# single domain
- name: "set fact for folder for digicert"
set_fact:
apache_digicert_uib_home: "/etc/digicert-uib"
- name: "create digicert-uib-folder"
file:
path: "{{ item }}"
state: "directory"
owner: root
group: "root"
chmod: "0550"
loop:
- "{{ apache_digicert_uib_home }}"
- "{{ apache_digicert_uib_home }}/archive"
- name: "create directory for vhosts"
file:
path: "{{ apache_digicert_uib_home }}/archive/{{ item.name }}"
state: "directory"
owner: "root"
group: "root"
chmod: "0550"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type == 'uib'"
- name: "stat archive"
stat:
path: "{{ apache_digicert_uib_home }}/archive"
register: apace_digicert_archive
- name: "prompt for renew"
vars_prompt:
name: "apache_digicert_confirm_renew"
private: no
when: "apache_digicert_renew | bool"
- name: "generate ssl private key"
openssl_privatekey:
path: "/etc/pki/tls/{{ vhost.name }}.pem"
size: "2048"
path: "{{ apache_digicert_uib_home }}/archive/{{ item.name }}/priv_key.pem"
backup: "yes"
size: "2048"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type == 'uib'"
- name: "generate an OpenSSL Certificate Signin request"
openssl_csr:
path: "/etc/pki/tls/certs/{{ domain_list[0].dns_server }}.csr"
backup: "yes"
path: "{{ apache_digicert_uib_home }}/csr//{{ domain_list[0].dns_server }}.csr"
privatekey_path: /etc/pki/tls/{{ item.name }}.pem
country_name: "NO"
organization: "Universitetet_i_Bergen"
common_name: "{{ domain_list[0].name }}"
- name: "get certificate url from ITA"
prompt_vars:
get_url:
# @todo multiple domains
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment