rc/servers
5
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
servers/playbooks/ocserv-create-user-cert.yml
Timotej Lazar 577c8c8849 ocserv: add emailAddress to user certificates 
Set to the same value as CN.
2025-08-11 15:47:42 +02:00

36 lines
1.3 KiB
YAML
Raw Blame History

# Create key and certificate files for a ocserv client. Run with:
#
# ansible-playbook playbooks/ocserv-create-user-cert.yml -email=<email> -egroup=<group> [-edays=<days>]
#
# Default certificate lifetime is 365 days.
- hosts: vrata
gather_facts: false
tasks:
- name: Set certificate filename
set_fact:
filename: "{{ inventory_hostname }}-{{ mail }}-{{ now(utc=true, fmt='%s.%f') }}"
- name: Create client key and signing request
delegate_to: localhost
shell:
cmd: |
openssl genpkey -algorithm rsa -out {{ filename }}.key
openssl req -new -subj "/O=fri/OU={{ group }}/CN={{ mail }}/emailAddress={{ mail }}/" -key {{ filename }}.key -out {{ filename }}.csr
chdir: "{{ inventory_dir }}"
# create certificate and store a copy on the server
- name: Sign certificate request
shell:
cmd: >
openssl x509 -req -sha256 -CA /etc/ocserv/ca.crt -CAkey /etc/ocserv/ca.key -days "{{ days | default(365) }}"
| tee "{{ filename }}.crt"
stdin: "{{ lookup('file', inventory_dir+'/'+filename+'.csr') }}"
chdir: /var/lib/ocserv/certs
register: user_certificate
- name: Store client certificate
delegate_to: localhost
copy:
dest: "{{ inventory_dir }}/{{ filename }}.crt"
content: "{{ user_certificate.stdout }}"
Reference in a new issue View git blame Copy permalink