36 lines
1.3 KiB
YAML
36 lines
1.3 KiB
YAML
# Create key and certificate files for a ocserv client. Run with:
|
|
#
|
|
# ansible-playbook playbooks/ocserv-create-user-cert.yml -euser=<username> -egroup=<group> [-edays=<days>]
|
|
#
|
|
# Default certificate lifetime is 365 days.
|
|
|
|
- hosts: vrata
|
|
gather_facts: false
|
|
tasks:
|
|
- name: Set certificate filename
|
|
set_fact:
|
|
filename: "{{ inventory_hostname }}-{{ user }}-{{ now(utc=true, fmt='%s.%f') }}"
|
|
|
|
- name: Create client key and signing request
|
|
delegate_to: localhost
|
|
shell:
|
|
cmd: |
|
|
openssl genpkey -algorithm rsa -out {{ filename }}.key
|
|
openssl req -new -subj /O=fri/OU={{ group }}/CN={{ user }} -key {{ filename }}.key -out {{ filename }}.csr
|
|
chdir: "{{ inventory_dir }}"
|
|
|
|
# create certificate and store a copy on the server
|
|
- name: Sign certificate request
|
|
shell:
|
|
cmd: >
|
|
openssl x509 -req -sha256 -CA /etc/ocserv/ca.crt -CAkey /etc/ocserv/ca.key -days "{{ days | default(365) }}"
|
|
| tee "{{ filename }}.crt"
|
|
stdin: "{{ lookup('file', inventory_dir+'/'+filename+'.csr') }}"
|
|
chdir: /var/lib/ocserv/certs
|
|
register: user_certificate
|
|
|
|
- name: Store client certificate
|
|
delegate_to: localhost
|
|
copy:
|
|
dest: "{{ inventory_dir }}/{{ filename }}.crt"
|
|
content: "{{ user_certificate.stdout }}"
|