Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jdauphant/ansible-role-ssl-certs
Generate and/or deploy SSL certificate
https://github.com/jdauphant/ansible-role-ssl-certs
ansible ansible-role nginx ssl
Last synced: about 1 month ago
JSON representation
Generate and/or deploy SSL certificate
- Host: GitHub
- URL: https://github.com/jdauphant/ansible-role-ssl-certs
- Owner: jdauphant
- License: bsd-2-clause
- Archived: true
- Created: 2014-02-04T10:34:37.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2020-04-25T15:59:54.000Z (over 4 years ago)
- Last Synced: 2024-09-26T05:33:57.288Z (about 2 months ago)
- Topics: ansible, ansible-role, nginx, ssl
- Size: 34.2 KB
- Stars: 128
- Watchers: 7
- Forks: 63
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-list-ansible - ansible-role-ssl-certs
README
ansible-role-ssl-certs
======================
## @jdauphant : I don't have time to manage anymore this role. Don't hesitate to fork and made your own version.
Generate and/or deploy SSL certificate
Available on Ansible Galaxy: [jdauphant.ssl-certs](https://galaxy.ansible.com/jdauphant/ssl-certs/)
# Examples
## Example to generate a self-signed SSL certificate
```YAML
- hosts: all
roles:
- jdauphant.ssl-certs
```
This will create certificate and private key in:
- `/etc/ssl/myserver.mydomain.com.key`
- `/etc/ssl/myserver.mydomain.com.pem`
## Example to deploy a SSL certificate
```YAML
- hosts: all
roles:
- role: jdauphant.ssl-certs
ssl_certs_common_name: "example.com"
```
The certificate has to be placed in `files/ssl/example.com.key` and `files/ssl/example.com.pem`. If
they don't exist, the key and a **self-signed** certificate will be generated at
`/etc/ssl/example.com/example.com.key` and `/etc/ssl/example.com/example.com.pem` using the provided common name.
## Example to deploy a SSL certificate using local key/pem files
```YAML
- hosts: all
roles:
- role: jdauphant.ssl-certs
ssl_certs_local_privkey_path: '/path/to/example.com.key'
ssl_certs_local_cert_path: '/path/to/example.com.pem'
```
## Example to deploy a SSL certificate stored in variables
An SSL certificate and key are just text that can be stored as a variable, which is useful when
using ansible vault.
Example variable data, note how the text blob is indented. This is needed to correctly insert the
text via the template module.
```YAML
ssl_certs_local_privkey_data: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw
Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4
gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8=
-----END RSA PRIVATE KEY-----
ssl_certs_local_cert_data: |
-----BEGIN CERTIFICATE-----
MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2
SEfYSaGPvfIlSuHIshno
-----END CERTIFICATE-----
```
Then simply include the role as in the first example.
## Example to use this role with my Nginx role: [jdauphant.nginx](https://github.com/jdauphant/ansible-role-nginx)
```YAML
- hosts: all
roles:
- role: jdauphant.ssl-certs
ssl_certs_generate_dh_param: true
- role: jdauphant.nginx
nginx_configs:
ssl:
- ssl_certificate_key {{ssl_certs_privkey_path}}
- ssl_certificate {{ssl_certs_cert_path}}
- ssl_dhparam {{ssl_certs_dhparam_path}}
nginx_sites:
default:
- listen 443 ssl
- server_name _
- root "/usr/share/nginx/html"
- index index.html
```