{"id":15774772,"url":"https://github.com/jtyr/ansible-system_ca","last_synced_at":"2026-05-01T15:32:04.721Z","repository":{"id":69603645,"uuid":"146938361","full_name":"jtyr/ansible-system_ca","owner":"jtyr","description":"Ansible role which helps to add/remove system CA certificates.","archived":false,"fork":false,"pushed_at":"2019-09-24T10:18:40.000Z","size":4,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-12-06T19:53:40.533Z","etag":null,"topics":["ansible","ansible-role","cacert","ssl"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jtyr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-31T20:13:53.000Z","updated_at":"2019-12-31T18:00:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"a0e4ec53-5026-4473-b4c1-d1f7d90eb328","html_url":"https://github.com/jtyr/ansible-system_ca","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/jtyr/ansible-system_ca","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jtyr%2Fansible-system_ca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jtyr%2Fansible-system_ca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jtyr%2Fansible-system_ca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jtyr%2Fansible-system_ca/manifests","owner_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/owners/jtyr","download_url":"https://codeload.github.com/jtyr/ansible-system_ca/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jtyr%2Fansible-system_ca/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32503025,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","cacert","ssl"],"created_at":"2024-10-04T16:40:40.479Z","updated_at":"2026-05-01T15:32:04.704Z","avatar_url":"https://github.com/jtyr.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"system_ca\n=========\n\nAnsible role which helps to add/remove system CA certificates.\n\nThe configuration of the role is done in such a way that it should not be necessary\nto change the role for any kind of configuration. All can be done either by\nchanging role parameters or by declaring completely new configuration as a\nvariable. That makes this role absolutely universal. 
See the examples below for\nmore details.\n\nPlease report any issues or send a PR.\n\n\nExamples\n--------\n\n```yaml\n---\n\n- name: Deploy CA certs\n  hosts: all\n  become: yes\n  vars:\n    # List of CAs\n    system_ca_certs:\n      # Creates CA called 'thawte_Primary_Root_CA.crt'\n      - name: thawte_Primary_Root_CA\n        # The content of the CA specified as text\n        content: |\n          -----BEGIN CERTIFICATE-----\n          MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB\n          qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf\n          Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw\n          MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV\n          BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw\n          NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j\n          LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG\n          A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n          IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG\n          SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs\n          W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta\n          3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk\n          6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6\n          Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J\n          NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n          MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP\n          r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU\n          DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz\n          YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX\n          xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2\n          
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/\n          LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7\n          jVaMaA==\n          -----END CERTIFICATE-----\n      # Creates CA called 'InternalRootCA.crt'\n      - name: InternalRootCA\n        # Optionally specify file permissions\n        owner: sys\n        group: nobody\n        mode: \"0640\"\n        # The content of the CA specified as a file\n        content: \"{{ lookup('file', 'InternalRootCA.crt') }}\"\n      # Blacklist CA called 'CompanyRootCA.crt' (works only on RedHat!)\n      - name: CompanyRootCA\n        # Places the cert into /etc/pki/ca-trust/source/blacklist instead of /etc/pki/ca-trust/source/anchors\n        subdir: blacklist\n        content: \"{{ lookup('file', 'CompanyRootCA.crt') }}\"\n      # Removes CA named 'test.crt'\n      - name: test\n        state: absent\n  roles:\n    - system_ca\n```\n\n\nRole variables\n--------------\n\nVariables used by the role:\n\n```yaml\n# Base dir for RedHat CAs\nsystem_ca_redhat_dest_base: /etc/pki/ca-trust/source\n\n# Subdirectory in the /etc/pki/ca-trust/source\n# (set it to empty string to place files in /etc/pki/ca-trust/source)\nsystem_ca_redhat_dest_subdir: anchors\n\n# Base dir for Debian/Ubuntu CAs\nsystem_ca_debian_dest_base: /usr/local/share/ca-certificates\n\n# Default cert owner\nsystem_ca_owner: root\n\n# Default cert group\nsystem_ca_group: root\n\n# Default cert mode\nsystem_ca_mode: \"0644\"\n\n# Update command for RedHat\nsystem_ca_redhat_update_cmd: update-ca-trust extract\n\n# Update command for Debian/Ubuntu\nsystem_ca_debian_update_cmd: update-ca-certificates\n\n# List of certificates (see README for more details)\nsystem_ca_certs: []\n```\n\n\nLicense\n-------\n\nMIT\n\n\nAuthor\n------\n\nJiri 
Tyr\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjtyr%2Fansible-system_ca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjtyr%2Fansible-system_ca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjtyr%2Fansible-system_ca/lists"}