add cert_t type, add aes256 cipher, create symlinks, comment for uib cert examples

521a4c5b · Oyvind.Gjesdal · 664d0062 · 521a4c5b
Commit 521a4c5b authored Sep 29, 2020 by Oyvind.Gjesdal
--- a/tasks/uib_ssl.yml
+++ b/tasks/uib_ssl.yml
@@ -22,6 +22,7 @@
    owner: "root"
    group: "root"
    mode: "0550"
+    setype: "cert_t"
  loop: "{{ apache_vhosts }}"
  when: "item.ssl_type == 'uib'"

@@ -41,6 +42,8 @@
    path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
    backup: "yes"
    size: "2048"
+    setype: "cert_t"
+    cipher: "aes256"
  loop: "{{ apache_vhosts }}"
  when: "item.ssl_type  | default('certbot')== 'uib'"

@@ -65,8 +68,23 @@
  loop: "{{ apache_vhosts }}"
  when: "item.ssl_type  | default('certbot')== 'uib' and apache_csr_result.changed | bool"

+- name: "set selinux label"
+
+- name: "create symlinks for private keys"
+  file:
+    state: "link"
+    src: ""{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
+    dest: "/etc/pki/tls/private/{{item.servername }}.pem"
+  loop: "{{ apache_vhosts }}"
+  when: "item.ssl_type  | default('certbot')== 'uib'"
+
+  
 #- name: "get certificate url from ITA"
 #  prompt_vars: 
  #  get_url:
-    
+
+#SSLCertificateFile /etc/pki/tls/certs/domene.uib.no.crt
+#SSLCertificateKeyFile /etc/pki/tls/private/domene.uib.no.key
+# SSLCertificateChainFile /etc/pki/tls/certs/digicertca2.uib.no.crt
+
 # @todo multiple domains