Commit 2d580718 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

wip certificate

parent 28c12464
......@@ -2,6 +2,8 @@
- name: "set fact for folder for digicert"
set_fact:
apache_digicert_uib_home: "/etc/digicert-uib"
apache_digicert_uib_archive: "{{ apache_digicert_uib_home }}/archive"
apache_digicert_uib_csr: "{{ apache_digicert_uib_home }}/csr"
- name: "create digicert-uib-folder"
file:
......@@ -12,12 +14,12 @@
mode: "0550"
loop:
- "{{ apache_digicert_uib_home }}"
- "{{ apache_digicert_uib_home }}/archive"
- "{{ apache_digicert_uib_home }}/csr"
- "{{ apache_digicert_uib_archive }}"
- "{{ apache_digicert_uib_csr }}"
- name: "create directory for vhosts"
file:
path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}"
path: "{{ apache_digicert_uib_archive }}/{{ item.servername }}"
state: "directory"
owner: "root"
group: "root"
......@@ -28,7 +30,7 @@
- name: "stat archive"
stat:
path: "{{ apache_digicert_uib_home }}/archive"
path: "{{ apache_digicert_uib_archive }}"
register: apace_digicert_archive
- name: "prompt for renew"
......@@ -39,7 +41,7 @@
- name: "generate ssl private key"
openssl_privatekey:
path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
path: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/priv_key.pem"
backup: "yes"
size: "2048"
setype: "cert_t"
......@@ -49,7 +51,7 @@
- name: "generate an OpenSSL Certificate Signin request"
openssl_csr:
backup: "yes"
path: "{{ apache_digicert_uib_home }}/csr/{{ item.servername }}.csr"
path: "{{ apache_digicert_uib_csr }}/{{ item.servername }}.csr"
privatekey_path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
country_name: "NO"
organization_name: "Universitetet_i_Bergen"
......@@ -63,22 +65,36 @@
subject: "csr certificate request for {{ item.servername }}"
to: "{{ item.serveradmin }}"
attach:
- "{{ apache_digicert_uib_home }}/csr/{{ item.servername }}.csr"
- "{{ apache_digicert_uib_csr}}/{{ item.servername }}.csr"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib' and apache_csr_result.changed | bool"
- name: "create symlinks for private keys"
file:
state: "link"
src: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/priv_key.pem"
dest: "/etc/pki/tls/private/{{item.servername }}.pem"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib'"
- name: "Get certificate"
- name: "Get certificate with embedded chain (pem)"
loop: "{{ apache_vhosts }}"
get_url:
url: "{{ item.certificate_url }}"
setype: "cert_t"
dest: "{{ apache_digicert_uib_archive }}//{{ item.servername }}/cert.pem"
backup: "yes"
mode: "0444"
when: "item.ssl_type | default('certbot')== 'uib'"
- name: "Create symlinks for certificates to /etc/pki/"
loop: "{{ apache_vhosts }}"
file:
state: link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/cert.pem"
dest: "/etc/pki/tls/certs/{{ item.servername }}.pem"
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_url is defined"
- name: "Add apache vhosts ssl template"
template:
src: "{{ apache_vhosts_template_ssl }}"
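Review bot: `state: link"` in the "Create symlinks for certificates" task has a stray trailing quote, so the file module receives the literal value `link"` and the task fails on the first uib vhost. The "Get certificate" task above it runs for every `ssl_type == 'uib'` vhost while only the symlink task checks `item.certificate_url is defined`, so a uib vhost without that key fails on an undefined variable before the guard is ever reached; add `and item.certificate_url is defined` to the get_url `when` as well. get_url also leaves `force` at its default, which only downloads when `dest` is absent, so a renewed certificate published at the same URL is never fetched again — set `force: true` (the existing `backup: "yes"` keeps the previous file) and, if a per-vhost digest is available, pin it with `checksum:` so a tampered download cannot silently replace the served chain. The `//` in `dest` is harmless but worth dropping so the path matches the symlink `src` byte for byte; the trailing "Add apache vhosts ssl template" task starts in this hunk and continues outside it.
```yaml
- name: "Get certificate with embedded chain (pem)"
  loop: "{{ apache_vhosts }}"
  get_url:
    url: "{{ item.certificate_url }}"
    # … unchanged: setype, backup, mode …
    dest: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/cert.pem"
    # re-download when the published certificate changes (default only fetches if dest is missing)
    force: true
  when: "item.ssl_type | default('certbot') == 'uib' and item.certificate_url is defined"
- name: "Create symlinks for certificates to /etc/pki/"
  loop: "{{ apache_vhosts }}"
  file:
    state: "link"
    # … unchanged: src, dest, when …
```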
......@@ -28,7 +28,7 @@
{# block for setting sertificate for uib host #}
{% if vhost.ssl_type == 'uib' %} /etc/pki/tls/certs/domene.uib.no.crt
SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ vhost.servername + '.crt') }}
SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ vhost.servername + '.pem') }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + vhvost.servername + '.key') }}
{% endif %}
{% if vhost.serveradmin is defined %}
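Review bot: The new `.pem` default for `SSLCertificateFile` matches the symlink the tasks now create at `/etc/pki/tls/certs/<servername>.pem`, but the `SSLCertificateKeyFile` default on the next, unchanged line still ends in `.key`, while the tasks symlink the key to `/etc/pki/tls/private/<servername>.pem`, so Apache will not find the key for a uib vhost unless `certificate_key_file` is set explicitly. That same line references `vhvost.servername`, a typo for `vhost` that makes the template fail to render on an undefined variable, and the `{% if %}` line appears to carry a stray `/etc/pki/tls/certs/domene.uib.no.crt` after the tag that would be emitted verbatim into the vhost config. Change the key line to `SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + vhost.servername + '.pem') }}` and drop the stray path from the `{% if %}` line. The surrounding vhost definition starts and ends outside this hunk.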