Need help with ansible-role-ssl-certs?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

jdauphant
123 Stars 67 Forks BSD 2-Clause "Simplified" License 56 Commits 2 Opened issues

Description

Generate and/or deploy SSL certificate

Services available

!
?

Need anything else?

Contributors list

ansible-role-ssl-certs

@jdauphant : I don't have time to manage anymore this role. Don't hesitate to fork and made your own version.

Generate and/or deploy SSL certificate

Available on Ansible Galaxy: jdauphant.ssl-certs

Examples

Example to generate a self-signed SSL certificate

 - hosts: all
   roles:
     - jdauphant.ssl-certs

This will create certificate and private key in:

  • /etc/ssl/myserver.mydomain.com.key
  • /etc/ssl/myserver.mydomain.com.pem

Example to deploy a SSL certificate

 - hosts: all
   roles:
    - role: jdauphant.ssl-certs
      ssl_certs_common_name: "example.com"

The certificate has to be placed in

files/ssl/example.com.key
and
files/ssl/example.com.pem
. If they don't exist, the key and a self-signed certificate will be generated at
/etc/ssl/example.com/example.com.key
and
/etc/ssl/example.com/example.com.pem
using the provided common name.

Example to deploy a SSL certificate using local key/pem files

 - hosts: all
   roles:
    - role: jdauphant.ssl-certs
      ssl_certs_local_privkey_path: '/path/to/example.com.key'
      ssl_certs_local_cert_path: '/path/to/example.com.pem'

Example to deploy a SSL certificate stored in variables

An SSL certificate and key are just text that can be stored as a variable, which is useful when using ansible vault.

Example variable data, note how the text blob is indented. This is needed to correctly insert the text via the template module.

ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw
  Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4
  gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8=
  -----END RSA PRIVATE KEY-----
ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
  QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2
  SEfYSaGPvfIlSuHIshno
  -----END CERTIFICATE-----

Then simply include the role as in the first example.

Example to use this role with my Nginx role: jdauphant.nginx

 - hosts: all
   roles:
     - role: jdauphant.ssl-certs
       ssl_certs_generate_dh_param: true
     - role: jdauphant.nginx
       nginx_configs:
          ssl:
               - ssl_certificate_key {{ssl_certs_privkey_path}}
               - ssl_certificate     {{ssl_certs_cert_path}}
               - ssl_dhparam         {{ssl_certs_dhparam_path}}
       nginx_sites:
          default:
               - listen 443 ssl
               - server_name _
               - root "/usr/share/nginx/html"
               - index index.html

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.