Diffstat (limited to 'ansible')
-rw-r--r--ansible/roles/certificates/tasks/generate-certificates.yml18
1 files changed, 2 insertions, 16 deletions
diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml
index 9bf75fff..43b774bc 100644
--- a/ansible/roles/certificates/tasks/generate-certificates.yml
+++ b/ansible/roles/certificates/tasks/generate-certificates.yml
@@ -20,13 +20,13 @@
country_name: "{{ certificates.country_name }}"
locality_name: "{{ certificates.locality_name }}"
basic_constraints:
- - CA:true
+ - CA:TRUE
basic_constraints_critical: true
key_usage:
- - critical
- digitalSignature
- cRLSign
- keyCertSign
+ key_usage_critical: true
- name: Generate root CA certificate
openssl_certificate:
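Review bot: The root CA's `basic_constraints` list in this hunk sets only `CA:TRUE`, with no path-length limit, and `key_usage` still carries `digitalSignature` next to `cRLSign` and `keyCertSign`. Since the last hunk shows the Nexus server certificate being signed directly with rootCA.key, the CA could be limited to issuing end-entity certificates by adding `- pathlen:0` under `basic_constraints`, and `digitalSignature` could be dropped unless this CA signs something other than certificates and CRLs. The task that owns these arguments starts above the hunk, so its module name and remaining options are not visible here. Because the commit also removes `force: true` from the root certificate task, it is worth confirming that an already-generated rootCA.csr and rootCA.crt are actually reissued with the new critical flags rather than left in place.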
@@ -34,19 +34,12 @@
path: "{{ certificates_local_dir }}/rootCA.crt"
csr_path: "{{ certificates_local_dir }}/rootCA.csr"
privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
- key_usage:
- - critical
- - digitalSignature
- - cRLSign
- - keyCertSign
- force: true
notify: Restart Docker
- name: Generate private Nexus key
openssl_privatekey:
path: "{{ certificates_local_dir }}/nexus_server.key"
size: 4096
- force: false
- name: Generate Nexus CSR (certificate signing request)
openssl_csr:
@@ -75,10 +68,3 @@
csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
- key_usage:
- - digitalSignature
- - nonRepudiation
- - keyEncipherment
- - dataEncipherment
- subject_alt_name:
- "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"