ocserv: add emailAddress to user certificates
Set to the same value as CN.
parent
7bb27acd2c
commit
577c8c8849
1 changed files with 3 additions and 3 deletions
|
@ -1,6 +1,6 @@
|
||||||
# Create key and certificate files for a ocserv client. Run with:
|
# Create key and certificate files for a ocserv client. Run with:
|
||||||
#
|
#
|
||||||
# ansible-playbook playbooks/ocserv-create-user-cert.yml -euser=<username> -egroup=<group> [-edays=<days>]
|
# ansible-playbook playbooks/ocserv-create-user-cert.yml -email=<email> -egroup=<group> [-edays=<days>]
|
||||||
#
|
#
|
||||||
# Default certificate lifetime is 365 days.
|
# Default certificate lifetime is 365 days.
|
||||||
|
|
||||||
|
@ -9,14 +9,14 @@
|
||||||
tasks:
|
tasks:
|
||||||
- name: Set certificate filename
|
- name: Set certificate filename
|
||||||
set_fact:
|
set_fact:
|
||||||
filename: "{{ inventory_hostname }}-{{ user }}-{{ now(utc=true, fmt='%s.%f') }}"
|
filename: "{{ inventory_hostname }}-{{ mail }}-{{ now(utc=true, fmt='%s.%f') }}"
|
||||||
|
|
||||||
- name: Create client key and signing request
|
- name: Create client key and signing request
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
shell:
|
shell:
|
||||||
cmd: |
|
cmd: |
|
||||||
openssl genpkey -algorithm rsa -out {{ filename }}.key
|
openssl genpkey -algorithm rsa -out {{ filename }}.key
|
||||||
openssl req -new -subj /O=fri/OU={{ group }}/CN={{ user }} -key {{ filename }}.key -out {{ filename }}.csr
|
openssl req -new -subj "/O=fri/OU={{ group }}/CN={{ mail }}/emailAddress={{ mail }}/" -key {{ filename }}.key -out {{ filename }}.csr
|
||||||
chdir: "{{ inventory_dir }}"
|
chdir: "{{ inventory_dir }}"
|
||||||
|
|
||||||
# create certificate and store a copy on the server
|
# create certificate and store a copy on the server
|
||||||
|
|
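Review bot: `{{ mail }}` and `{{ group }}` reach the local shell unescaped in the "Create client key and signing request" task, both inside the double-quoted `-subj` string and, through `filename`, in the unquoted `-key`/`-out` paths. A value containing `$`, a backtick or `"` is interpreted by the shell on the control host, and a `/` (and, depending on the OpenSSL version, a `+`) is parsed as an RDN separator, so the subject that gets signed can differ from the one intended; that matters if the server maps CN or emailAddress to a user identity, which is presumably the case here. Consider an `assert` task that checks `mail` and `group` against a strict pattern before use, and pass the interpolated values through the `quote` filter, e.g. `-subj {{ ('/O=fri/OU=' ~ group ~ '/CN=' ~ mail ~ '/emailAddress=' ~ mail ~ '/') | quote }}` and `-key {{ (filename ~ '.key') | quote }}`. The usage comment's `-email=<email>` only works because it reads as `-e mail=<email>`; writing it with the space would avoid the misreading.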