Merge branch 'master' of ssh://git-ssh.notandy.de:2222/ansible/roles/certificates

README.md

@@ -139,3 +139,47 @@ On the CA host for self signed certs those paths are used:
 * ca key: `<basepath>/ca.key`
 * ca cert: `<basepath>/ca.crt`
 * all signed certs: `<basepath>/signed/<certname>`
+
+## Examples
+
+### Ownca with CA host and certificates on multiple servers
+
+The certificate name can be different on all hosts.
+You can set more options like `san` as well.
+The CA name musst be the same on all hosts.
+<ca-host> musst be the inventory_hostname of the ca-host.
+
+**ca-host**
+```
+certificates:
+  certs:
+    "<certificate name on ca host>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+```
+
+**server01**
+```
+certificates:
+  certs:
+    "<certificate name on server01>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+        remote: <ca-host>
+```
+
+**server02**
+```
+certificates:
+  certs:
+    "<certificate name on server02>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+        remote: <ca-host>
+```