3e4a306a42
Current openssl_certificate is mistakenly taking its derivating its version number from the csr version number. Thos two fields are completly unrelated and hence the version number of the certificate should be able to be directly specified (via selfsigned_version parameter).
39 lines
1.5 KiB
YAML
39 lines
1.5 KiB
YAML
- name: Validate certificate (test - privatekey modulus)
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
|
register: privatekey_modulus
|
|
|
|
- name: Validate certificate (test - certificate modulus)
|
|
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem | openssl md5'
|
|
register: cert_modulus
|
|
|
|
- name: Validate certificate (test - certficate version == default == 3)
|
|
shell: 'openssl x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
|
|
register: cert_version
|
|
|
|
- name: Validate certificate (assert)
|
|
assert:
|
|
that:
|
|
- cert_modulus.stdout == privatekey_modulus.stdout
|
|
- cert_version.stdout == '3'
|
|
|
|
- name: Validate certificate v2 (test - certificate version == 2)
|
|
shell: 'openssl x509 -noout -in {{ output_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
|
|
register: cert_v2_version
|
|
|
|
- name: Validate certificate version 2 (assert)
|
|
assert:
|
|
that:
|
|
- cert_v2_version.stdout == '2'
|
|
|
|
- name: Validate certificate2 (test - privatekey modulus)
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem | openssl md5'
|
|
register: privatekey2_modulus
|
|
|
|
- name: Validate certificate2 (test - certificate modulus)
|
|
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert2.pem | openssl md5'
|
|
register: cert2_modulus
|
|
|
|
- name: Validate certificate2 (assert)
|
|
assert:
|
|
that:
|
|
- cert2_modulus.stdout == privatekey2_modulus.stdout
|