How to Generate an SSL Certificate using Ansible | Generating a CSR using Ansible


In this tutorial we will install the openssl package and use the following modules:

openssl_privatekey - to generate the private key
openssl_csr - to generate the CSR file
openssl_certificate - to generate the certificate

Before we start, read the examples and documentation for each module:
ansible-doc openssl_privatekey
ansible-doc openssl_csr
ansible-doc openssl_certificate

Step 1:

Go to the main Ansible directory and create a yml file with a suitable name:
cd /etc/ansible
vi ssl-certs.yml
# We define the name and hosts entry for this playbook; you can replace 127.0.0.1 with your target hosts or group

---
- name: generate ssl certificate
  hosts: 127.0.0.1
  gather_facts: false

# To generate SSL certificates we need the openssl package, so our first task is to install it on the remote host or localhost

  tasks:

  - name: Install openssl package
    yum: name=openssl state=latest

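# This step is optional: create a directory to keep the SSL certificate
# Mode 0775 leaves the directory group-writable and world-readable, so group members can replace the files in it; use a tighter mode where possible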

  - name: Create ssl directory
    file: path=/etc/ssl/linuxtopic state=directory mode=0775

# Now we will generate a private key using the "openssl_privatekey" module

  - name: Generate Private key
    openssl_privatekey: path=/etc/ssl/linuxtopic/server-master.key

# After generating the key we will generate the CSR with the "openssl_csr" module

  - name: Generate CSR
    openssl_csr: 
     path: /etc/ssl/linuxtopic/linuxtopic-client.csr
     privatekey_path: /etc/ssl/linuxtopic/server-master.key 
     common_name: linuxtopic.com 
     country_name: IN
     email_address: lokesh@linuxtopic.com
     organization_name: linuxtopic

# As the last task we will generate the certificate using the "openssl_certificate" module
# (in the community.crypto collection this module is named x509_certificate)

  - name: Generate a self signed certificate
    openssl_certificate:
     csr_path: /etc/ssl/linuxtopic/linuxtopic-client.csr
     path: /etc/ssl/linuxtopic/linuxtopic-self-signed.crt
     privatekey_path: /etc/ssl/linuxtopic/server-master.key
     provider: selfsigned



Step 2:

Execute the Ansible playbook:
ansible-playbook ssl-certs.yml


Step 3: 

Verify that the files were generated:
ls -lah /etc/ssl/linuxtopic/
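
A stronger check than listing the directory, as an added example that is not part of the original tutorial: the shell function below confirms that the key, CSR and certificate belong together, that the private key is not accessible to group or other, and that the certificate is self-signed and unexpired. The function names and messages are assumptions made for this example; it needs only the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Usage: sh thisfile KEY CSR CERT, e.g. with the playbook's paths:
#   /etc/ssl/linuxtopic/server-master.key
#   /etc/ssl/linuxtopic/linuxtopic-client.csr
#   /etc/ssl/linuxtopic/linuxtopic-self-signed.crt

fail() { echo "FAIL: $1" >&2; return 1; }

# Returns 0 only if every check passes.
verify_tls_artifacts() {
    key=$1; csr=$2; crt=$3

    # Private key must be inaccessible to group and other
    # (characters 5-10 of the ls -l mode string).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || fail "key accessible to group/other ($perms)" || return 1

    # Extract the public key from each artifact; all three must be identical.
    k_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || fail "cannot parse key" || return 1
    r_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || fail "cannot parse CSR" || return 1
    c_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || fail "cannot parse cert" || return 1
    [ "$k_pub" = "$r_pub" ] || fail "CSR was not created from this key" || return 1
    [ "$k_pub" = "$c_pub" ] || fail "certificate does not match this key" || return 1

    # The CSR is signed with the private key (proof of possession); check the
    # "verify OK" message rather than relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || fail "CSR signature invalid" || return 1

    # Self-signed means issuer == subject; also reject an expired certificate.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || fail "issuer differs from subject" || return 1
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || fail "certificate has expired" || return 1

    echo "OK: $crt matches $key ($subj)"
}

# Run the checks when called with three paths.
if [ "$#" -eq 3 ]; then verify_tls_artifacts "$@"; fi
```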



Thanks,
www.linuxtopic.com

4 comments

Mark weins said...

of course data entry services are very expensive that is why always make a backup of your files“ webflow designers

sdexter said...

Some really interesting info , well written and broadly speaking user pleasant. ui/ux design

Olexandr said...

Thank you! It helped greatly

Jackie Co Kad said...

Great Article
