Commit 521a4c5b authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

add cert_t type, add aes256 cipher, create symlinks, comment for uib cert examples

parent 664d0062
......@@ -22,6 +22,7 @@
owner: "root"
group: "root"
mode: "0550"
setype: "cert_t"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type == 'uib'"
......@@ -41,6 +42,8 @@
path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
backup: "yes"
size: "2048"
setype: "cert_t"
cipher: "aes256"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib'"
......@@ -65,8 +68,23 @@
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib' and apache_csr_result.changed | bool"
- name: "set selinux label"
- name: "create symlinks for private keys"
file:
state: "link"
src: ""{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
dest: "/etc/pki/tls/private/{{item.servername }}.pem"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib'"
#- name: "get certificate url from ITA"
# prompt_vars:
# get_url:
#SSLCertificateFile /etc/pki/tls/certs/domene.uib.no.crt
#SSLCertificateKeyFile /etc/pki/tls/private/domene.uib.no.key
# SSLCertificateChainFile /etc/pki/tls/certs/digicertca2.uib.no.crt
# @todo multiple domains
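Review bot: The `src` of the new "create symlinks for private keys" task starts with `""{ apache_digicert_uib_home }}`, which is a stray quote plus a single-brace Jinja opener, so the task will not parse or template as written; it should read `src: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"`. In the second hunk `cipher: "aes256"` is added but no `passphrase` is visible; that task begins outside the hunk, and if it is presumably `openssl_privatekey` the module expects the two together, so confirm a passphrase is supplied from a vaulted variable and that Apache has a way to unlock the encrypted key at startup. The first hunk's condition `item.ssl_type == 'uib'` also lacks the `| default('certbot')` guard used by the other tasks, so a vhost with no `ssl_type` would fail there rather than be skipped. A short comment above the symlink task saying that `/etc/pki/tls/private/` only holds links, while the key material stays under the `archive/` directory with mode and `cert_t` label set by the earlier tasks, would help the next reader.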