ocserv: add emailAddress to user certificates

Set to the same value as CN.
Timotej Lazar 2025-08-11 15:47:42 +02:00
parent 7bb27acd2c
commit 577c8c8849


@ -1,6 +1,6 @@
# Create key and certificate files for a ocserv client. Run with:
#
# ansible-playbook playbooks/ocserv-create-user-cert.yml -euser=<username> -egroup=<group> [-edays=<days>]
# ansible-playbook playbooks/ocserv-create-user-cert.yml -email=<email> -egroup=<group> [-edays=<days>]
#
# Default certificate lifetime is 365 days.
@ -9,14 +9,14 @@
tasks:
- name: Set certificate filename
set_fact:
filename: "{{ inventory_hostname }}-{{ user }}-{{ now(utc=true, fmt='%s.%f') }}"
filename: "{{ inventory_hostname }}-{{ mail }}-{{ now(utc=true, fmt='%s.%f') }}"
- name: Create client key and signing request
delegate_to: localhost
shell:
cmd: |
openssl genpkey -algorithm rsa -out {{ filename }}.key
openssl req -new -subj /O=fri/OU={{ group }}/CN={{ user }} -key {{ filename }}.key -out {{ filename }}.csr
openssl req -new -subj "/O=fri/OU={{ group }}/CN={{ mail }}/emailAddress={{ mail }}/" -key {{ filename }}.key -out {{ filename }}.csr
chdir: "{{ inventory_dir }}"
# create certificate and store a copy on the server