added example config for ownca certs

2021-06-29 18:42:06 +02:00 · 2021-06-29 18:42:06 +02:00 · 93317c7a5c
commit 93317c7a5c
parent 30fc930c4d
1 changed files with 44 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -139,3 +139,47 @@ On the CA host for self signed certs those paths are used:
 * ca key: `<basepath>/ca.key`
 * ca cert: `<basepath>/ca.crt`
 * all signed certs: `<basepath>/signed/<certname>`
+
+## Examples
+
+### Ownca with CA host and certificates on multiple servers
+
+The certificate name can be different on all hosts.
+You can set more options like `san` as well.
+The CA name musst be the same on all hosts.
+<ca-host> musst be the inventory_hostname of the ca-host.
+
+**ca-host**
+```
+certificates:
+  certs:
+    "<certificate name on ca host>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+```
+
+**server01**
+```
+certificates:
+  certs:
+    "<certificate name on server01>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+        remote: <ca-host>
+```
+
+**server02**
+```
+certificates:
+  certs:
+    "<certificate name on server02>":
+      backend: ownca
+      cn: "{{ inventory_hostname }}"
+      backend_override:
+        name: <ca name>
+        remote: <ca-host>
+```