infra/ansible-role-certificates
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git-ssh.notandy.de:2222/ansible/roles/certificates

Browse source
This commit is contained in:
nd 2021-07-17 00:19:30 +02:00
commit 6b71783a9e
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
1 changed files with 44 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

44
README.md
View file

@ -139,3 +139,47 @@ On the CA host for self signed certs those paths are used:
* ca key: `<basepath>/ca.key` * ca key: `<basepath>/ca.key`
* ca cert: `<basepath>/ca.crt` * ca cert: `<basepath>/ca.crt`
* all signed certs: `<basepath>/signed/<certname>` * all signed certs: `<basepath>/signed/<certname>`
## Examples
### Ownca with CA host and certificates on multiple servers
The certificate name can be different on all hosts.
You can set more options like `san` as well.
The CA name musst be the same on all hosts.
<ca-host> musst be the inventory_hostname of the ca-host.
**ca-host**
```
certificates:
certs:
"<certificate name on ca host>":
backend: ownca
cn: "{{ inventory_hostname }}"
backend_override:
name: <ca name>
```
**server01**
```
certificates:
certs:
"<certificate name on server01>":
backend: ownca
cn: "{{ inventory_hostname }}"
backend_override:
name: <ca name>
remote: <ca-host>
```
**server02**
```
certificates:
certs:
"<certificate name on server02>":
backend: ownca
cn: "{{ inventory_hostname }}"
backend_override:
name: <ca name>
remote: <ca-host>
```