ansible/test/integration/targets/openssl_certificate/tasks/selfsigned.yml

200 lines
5.6 KiB
YAML
Raw Normal View History

---
2018-06-21 09:11:00 +02:00
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate privatekey with password
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
2018-06-21 09:11:00 +02:00
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.example.com
- name: Generate selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/cert.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
register: selfsigned_certificate
- name: Generate selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/cert.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
register: selfsigned_certificate_idempotence
- name: Generate selfsigned certificate (check mode)
openssl_certificate:
path: '{{ output_dir }}/cert.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
check_mode: yes
- name: Check selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/cert.pem'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: assertonly
has_expired: False
version: 3
signature_algorithms:
- sha256WithRSAEncryption
- sha256WithECDSAEncryption
subject:
commonName: www.example.com
- name: Generate selfsigned v2 certificate
openssl_certificate:
path: '{{ output_dir }}/cert_v2.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
selfsigned_version: 2
- name: Generate privatekey2
openssl_privatekey:
path: '{{ output_dir }}/privatekey2.pem'
- name: Generate CSR2
openssl_csr:
subject:
CN: www.example.com
C: US
ST: California
L: Los Angeles
O: ACME Inc.
OU:
- Roadrunner pest control
- Pyrotechnics
path: '{{ output_dir }}/csr2.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
keyUsage:
- digitalSignature
extendedKeyUsage:
- ipsecUser
- biometricInfo
- name: Generate selfsigned certificate2
openssl_certificate:
path: '{{ output_dir }}/cert2.pem'
csr_path: '{{ output_dir }}/csr2.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
provider: selfsigned
selfsigned_digest: sha256
- name: Check selfsigned certificate2
openssl_certificate:
path: '{{ output_dir }}/cert2.pem'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
provider: assertonly
has_expired: False
version: 3
signature_algorithms:
- sha256WithRSAEncryption
- sha256WithECDSAEncryption
subject:
commonName: www.example.com
C: US
ST: California
L: Los Angeles
O: ACME Inc.
OU:
- Roadrunner pest control
- Pyrotechnics
keyUsage:
- digitalSignature
extendedKeyUsage:
- ipsecUser
- biometricInfo
- name: Create private key 3
openssl_privatekey:
path: "{{ output_dir }}/privatekey3.pem"
- name: Create CSR 3
openssl_csr:
subject:
CN: www.example.com
privatekey_path: "{{ output_dir }}/privatekey3.pem"
path: "{{ output_dir }}/csr3.pem"
- name: Create certificate3 with notBefore and notAfter
openssl_certificate:
provider: selfsigned
selfsigned_not_before: 20181023133742Z
selfsigned_not_after: 20191023133742Z
path: "{{ output_dir }}/cert3.pem"
csr_path: "{{ output_dir }}/csr3.pem"
privatekey_path: "{{ output_dir }}/privatekey3.pem"
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey_ecc.pem'
type: ECC
curve: secp256k1
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekey_ecc.pem'
subject:
commonName: www.example.com
- name: Generate selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/cert_ecc.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekey_ecc.pem'
provider: selfsigned
selfsigned_digest: sha256
register: selfsigned_certificate_ecc
- name: Generate selfsigned certificate (failed passphrase 1)
openssl_certificate:
path: '{{ output_dir }}/cert_pw1.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
provider: selfsigned
selfsigned_digest: sha256
ignore_errors: yes
register: passphrase_error_1
- name: Generate selfsigned certificate (failed passphrase 2)
openssl_certificate:
path: '{{ output_dir }}/cert_pw2.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
provider: selfsigned
selfsigned_digest: sha256
ignore_errors: yes
register: passphrase_error_2
- name: Generate selfsigned certificate (failed passphrase 3)
openssl_certificate:
path: '{{ output_dir }}/cert_pw3.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
provider: selfsigned
selfsigned_digest: sha256
ignore_errors: yes
register: passphrase_error_3
2018-06-21 09:11:00 +02:00
- import_tasks: ../tests/validate_selfsigned.yml