{"id":19402173,"url":"https://github.com/robertdebock/ansible-role-ca","last_synced_at":"2026-03-09T16:05:24.397Z","repository":{"id":40676466,"uuid":"161813233","full_name":"robertdebock/ansible-role-ca","owner":"robertdebock","description":"Install and configure a certificate authority on your system.","archived":false,"fork":false,"pushed_at":"2025-10-16T11:29:34.000Z","size":329,"stargazers_count":7,"open_issues_count":2,"forks_count":8,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-29T17:46:03.662Z","etag":null,"topics":["ansible","authority","ca","certificate","molecule","openssl","playbook","security","tox"],"latest_commit_sha":null,"homepage":"https://robertdebock.nl/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robertdebock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"robertdebock"}},"created_at":"2018-12-14T16:36:07.000Z","updated_at":"2025-10-16T11:29:37.000Z","dependencies_parsed_at":"2024-01-30T11:58:49.782Z","dependency_job_id":"cc471953-a656-4512-9bc4-b36f29f7605f","html_url":"https://github.com/robertdebock/ansible-role-ca","commit_stats":null,"previous_names":[],"tags_count":62,"template":false,"template_full_name":null,"purl":"pkg:github/robertdebock/ansible-role-ca","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-ca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-ca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-ca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-ca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robertdebock","download_url":"https://codeload.github.com/robertdebock/ansible-role-ca/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-ca/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30301548,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T14:33:48.460Z","status":"ssl_error","status_checked_at":"2026-03-09T14:33:48.027Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","authority","ca","certificate","molecule","openssl","playbook","security","tox"],"created_at":"2024-11-10T11:22:25.426Z","updated_at":"2026-03-09T16:05:24.388Z","avatar_url":"https://github.com/robertdebock.png","language":"Jinja","funding_links":["https://github.com/sponsors/robertdebock"],"categories":[],"sub_categories":[],"readme":"# [Ansible role ca](#ansible-role-ca)\n\nInstall and configure a certificate authority on your system.\n\n|GitHub|GitLab|Downloads|Version|\n|------|------|---------|-------|\n|[![github](https://github.com/robertdebock/ansible-role-ca/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-ca/actions)|[![gitlab](https://gitlab.com/robertdebock-iac/ansible-role-ca/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-ca)|[![downloads](https://img.shields.io/ansible/role/d/robertdebock/ca)](https://galaxy.ansible.com/robertdebock/ca)|[![Version](https://img.shields.io/github/release/robertdebock/ansible-role-ca.svg)](https://github.com/robertdebock/ansible-role-ca/releases/)|\n\n## [Example Playbook](#example-playbook)\n\nThis example is taken from [`molecule/default/converge.yml`](https://github.com/robertdebock/ansible-role-ca/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release.\n\n```yaml\n---\n- name: Converge\n  hosts: all\n  become: true\n  gather_facts: true\n\n  roles:\n    - role: robertdebock.ca\n```\n\nThe machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/robertdebock/ansible-role-ca/blob/master/molecule/default/prepare.yml):\n\n```yaml\n---\n- name: Prepare\n  hosts: all\n  become: true\n  gather_facts: false\n\n  roles:\n    - role: robertdebock.bootstrap\n    - role: robertdebock.buildtools\n    - role: robertdebock.epel\n    - role: robertdebock.python_pip\n    - role: robertdebock.openssl\n      openssl_items:\n        - name: apache-httpd\n          common_name: \"{{ ansible_fqdn }}\"\n    - role: robertdebock.httpd\n```\n\nAlso see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.\n\n## [Role Variables](#role-variables)\n\nThe default values for the variables are set in [`defaults/main.yml`](https://github.com/robertdebock/ansible-role-ca/blob/master/defaults/main.yml):\n\n```yaml\n---\n# defaults file for ca\n\n# set ca_init: 'yes' to create CA\nca_init: true\n\n# ca_own_root: 'yes' if you want to have yout own root CA.\n# if no, set ca_certificate_path manually\nca_own_root: true\n\n# A passphrase for the CA key.\nca_passphrase: SuP3rS3creT\n\n# The common name for the CA.\nca_common_name: example.com\n\n# Other details for the CA.\nca_country_name: NL\nca_email_address: robert@meinit.nl\nca_organization_name: Very little\nca_organizational_unit_name: Even less\nca_state_or_province_name: Utrecht\nca_locality_name: Utrecht\n\n# There are two formats to request a key and certificate:\n# 1. With details: (Includes `name:`)\n# ca_requests:\n#   - name: certificate1.example.com\n#     passphrase: S3creT\n#\n# 2. Without details: (Does not include `name:`)\n# ca_requests:\n#   - \"{{ ansible_fqdn }}\"\n\n# You can also mix these formats:\n# ca_requests:\n#   - name: certificate1.example.com\n#     passphrase: S3creT\n#   - \"{{ ansible_fqdn }}\"\n\n# Where to publish the certificates, normally a webserver location.\n# If not specified, certificates will not be published.\n# {{ httpd_data_directory }} is inheritted from the role robertdebock.httpd.\nca_publication_location: \"{{ httpd_data_directory | default('/tmp') }}/pub\"\n\n# Where do the certificates need to be stored? By default the distribution\n# preferred locations are used (see `vars/main.yml`, under `_ca_openssl_path`.\n# If you need a CA certificate somewhere else, simple use something like this:\n# ca_openssl_path: /my/preferred/path\nca_openssl_path: \"{{ _ca_openssl_path[ansible_os_family] | default(_ca_openssl_path['default']) }}\"\n```\n\n## [Requirements](#requirements)\n\n- pip packages listed in [requirements.txt](https://github.com/robertdebock/ansible-role-ca/blob/master/requirements.txt).\n\n## [State of used roles](#state-of-used-roles)\n\nThe following roles are used to prepare a system. You can prepare your system in another way.\n\n| Requirement | GitHub | GitLab |\n|-------------|--------|--------|\n|[robertdebock.bootstrap](https://galaxy.ansible.com/robertdebock/bootstrap)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap)|\n|[robertdebock.buildtools](https://galaxy.ansible.com/robertdebock/buildtools)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-buildtools/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-buildtools/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-buildtools/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-buildtools)|\n|[robertdebock.epel](https://galaxy.ansible.com/robertdebock/epel)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-epel/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-epel/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-epel/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-epel)|\n|[robertdebock.httpd](https://galaxy.ansible.com/robertdebock/httpd)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-httpd/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-httpd/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-httpd/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-httpd)|\n|[robertdebock.openssl](https://galaxy.ansible.com/robertdebock/openssl)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-openssl/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-openssl/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-openssl/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-openssl)|\n|[robertdebock.python_pip](https://galaxy.ansible.com/robertdebock/python_pip)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-python_pip/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-python_pip/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-python_pip/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-python_pip)|\n\n## [Context](#context)\n\nThis role is part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.\n\nHere is an overview of related roles:\n![dependencies](https://raw.githubusercontent.com/robertdebock/ansible-role-ca/png/requirements.png \"Dependencies\")\n\n## [Compatibility](#compatibility)\n\nThis role has been tested on these [container images](https://hub.docker.com/u/robertdebock):\n\n|container|tags|\n|---------|----|\n|[EL](https://hub.docker.com/r/robertdebock/enterpriselinux)|9|\n|[Debian](https://hub.docker.com/r/robertdebock/debian)|all|\n|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|all|\n|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|noble, jammy|\n\nThe minimum version of Ansible required is 2.12, tests have been done on:\n\n- The previous version.\n- The current version.\n- The development version.\n\nIf you find issues, please register them on [GitHub](https://github.com/robertdebock/ansible-role-ca/issues).\n\n## [License](#license)\n\n[Apache-2.0](https://github.com/robertdebock/ansible-role-ca/blob/master/LICENSE).\n\n## [Author Information](#author-information)\n\n[robertdebock](https://robertdebock.nl/)\n\nPlease consider [sponsoring me](https://github.com/sponsors/robertdebock).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertdebock%2Fansible-role-ca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobertdebock%2Fansible-role-ca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertdebock%2Fansible-role-ca/lists"}