No description

Find a file

nd ff1cfedadf initial commit		2019-10-13 17:49:12 +02:00
defaults	initial commit	2019-10-13 17:49:12 +02:00
tasks	initial commit	2019-10-13 17:49:12 +02:00
README.md	initial commit	2019-10-13 17:49:12 +02:00

README.md

Certificates

This module creates and signs Certificates using multiple backends, including letsencrypt.

Parameters

All configuration is to be placed inside the certificates dict.

# configuration for all backends, see below for options for all backends
backends:
  letsencrypt: *letsencrypt-backend-config*
  selfsigned: *selfsigned-backend-config*

# default options for certificates
defaults:
  country: "SU"
  province: "CYBER"
  city: "Cyberspace"
  org: "Tyrell Corporation"
  mail: "example@example.com"
  ou: "cyber"
  cn: ~
  san: []

# name: certificate name, value: config for a certificate. See below for definition  
certs: *certificate-config*

certificate-config: All settings here overwrite the default setting for a certificate.

# Country (string)
country: "SU"

# Province (string)
province: "CYBER"

# City (string)
city: "Cyberspace"

# Organisation (string)
org: "Tyrell Corporation"

# Mailaddress (string)
mail: "example@example.com"

# organizational unit name (string)
ou: "cyber"

# common name (string), will be set to first SAN if set to None
cn: ~

# subject alt names (list of strings)
san: []

Backends

Letsencrypt

Selfsigned

Paths

Certificates are stored at a defined location:

key: /etc/ssl/private/<cetname>.key
certificate: /etc/ssl/<certname>.crt
CSR: /etc/ssl/<certname>.csr
chain: /etc/ssl/<certname>.chain.crt
key, certificate and chain combined: /etc/ssl/private/<certname>.complete.pem