initial commit

README.md

@@ -0,0 +1,70 @@
+# Certificates
+
+This module creates and signs Certificates using multiple backends, including letsencrypt.
+
+## Parameters
+
+All configuration is to be placed inside the `certificates` dict.
+
+```
+# configuration for all backends, see below for options for all backends
+backends:
+  letsencrypt: *letsencrypt-backend-config*
+  selfsigned: *selfsigned-backend-config*
+
+# default options for certificates
+defaults:
+  country: "SU"
+  province: "CYBER"
+  city: "Cyberspace"
+  org: "Tyrell Corporation"
+  mail: "example@example.com"
+  ou: "cyber"
+  cn: ~
+  san: []
+
+# name: certificate name, value: config for a certificate. See below for definition  
+certs: *certificate-config*
+```
+
+**certificate-config:**
+All settings here overwrite the default setting for a certificate.
+```
+# Country (string)
+country: "SU"
+
+# Province (string)
+province: "CYBER"
+
+# City (string)
+city: "Cyberspace"
+
+# Organisation (string)
+org: "Tyrell Corporation"
+
+# Mailaddress (string)
+mail: "example@example.com"
+
+# organizational unit name (string)
+ou: "cyber"
+
+# common name (string), will be set to first SAN if set to None
+cn: ~
+
+# subject alt names (list of strings)
+san: []
+```
+
+### Backends
+#### Letsencrypt
+#### Selfsigned
+
+## Paths
+
+Certificates are stored at a defined location:
+
+* key: `/etc/ssl/private/<cetname>.key`
+* certificate: `/etc/ssl/<certname>.crt`
+* CSR: `/etc/ssl/<certname>.csr`
+* chain: `/etc/ssl/<certname>.chain.crt`
+* key, certificate and chain combined: `/etc/ssl/private/<certname>.complete.pem`