From 93317c7a5cd63800d08572798d3c703a942cbfca Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Tue, 29 Jun 2021 18:42:06 +0200
Subject: [PATCH] added example config for ownca certs

---
 README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/README.md b/README.md
index bb480f3..ae92622 100644
--- a/README.md
+++ b/README.md
@@ -139,3 +139,47 @@ On the CA host for self signed certs those paths are used:
 * ca key: `<basepath>/ca.key`
 * ca cert: `<basepath>/ca.crt`
 * all signed certs: `<basepath>/signed/<certname>`
+
+## Examples
+
+### Ownca with CA host and certificates on multiple servers
+
+The certificate name can be different on all hosts.
+You can set more options like `san` as well.
+The CA name musst be the same on all hosts.
+<ca-host> musst be the inventory_hostname of the ca-host.
+
+**ca-host**
+```
+certificates:
+  certs:
+    "<certificate name on ca host>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+```
+
+**server01**
+```
+certificates:
+  certs:
+    "<certificate name on server01>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+        remote: <ca-host>
+```
+
+**server02**
+```
+certificates:
+  certs:
+    "<certificate name on server02>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+        remote: <ca-host>
+```