ansible.builtin.openssl_csr (v2.4.3.0-1) — module

Generate OpenSSL Certificate Signing Request (CSR)

Added in version 2.4 of ansible.builtin

Authors: Yanis Guenane (@Spredzy)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.4.3.0.post1

Description

This module allows one to (re)generate OpenSSL certificate signing requests. It uses the pyOpenSSL Python library to interact with OpenSSL. This module supports the subjectAltName extension as well as the keyUsage and extendedKeyUsage extensions. Note: at least one of common_name or subject_alt_name must be specified. This module uses the file common arguments to specify the permissions of the generated file.


Requirements

Usage examples

# Generate an OpenSSL Certificate Signing Request
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with a
# passphrase protected private key
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    privatekey_passphrase: ansible
    common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with Subject information
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    country_name: FR
    organization_name: Ansible
    email_address: jdoe@ansible.com
    common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with subjectAltName extension
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    subject_alt_name: 'DNS:www.ansible.com,DNS:m.ansible.com'
# Force re-generate an OpenSSL Certificate Signing Request
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    force: True
    common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with special key usages
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com
    key_usage:
      - digitalSignature
      - keyAgreement
    extended_key_usage:
      - clientAuth

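The examples above rely on the input contract the module documents (at least one of common_name or subject_alt_name, key_usage and subject_alt_name given either as a comma separated string or as a YAML list, keyUsage bit names spelled as OpenSSL knows them). Below is an added pre-flight check for those arguments; it is not part of the openssl_csr module or of Ansible, and the function and constant names are my own. It catches, for instance, a misspelled keyUsage bit before the task reaches pyOpenSSL.

```python
# Added example, not the module's own code: validate an openssl_csr task's
# arguments against the documented contract before running the task.
from __future__ import annotations

# keyUsage bit names as defined by OpenSSL; these are the values key_usage accepts.
KEY_USAGE_NAMES = {
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
}
# Common subjectAltName entry types understood by OpenSSL (extend if you use others).
SAN_TYPES = {"DNS", "IP", "email", "URI"}


def as_list(value) -> list[str]:
    """Normalise a 'comma separated string' or a YAML list option to a list of str."""
    if value is None:
        return []
    if isinstance(value, str):
        return [item.strip() for item in value.split(",") if item.strip()]
    return [str(item).strip() for item in value]


def check_csr_args(args: dict) -> list[str]:
    """Return the problems found in an openssl_csr task's arguments (empty list = OK)."""
    problems: list[str] = []
    # Required file options.
    for required in ("path", "privatekey_path"):
        if not args.get(required):
            problems.append(f"{required} is required")
    # The module needs a subject CN or a SAN extension to build a meaningful CSR.
    sans = as_list(args.get("subject_alt_name") or args.get("subjectAltName"))
    cn = args.get("common_name") or args.get("CN") or args.get("commonName")
    if not cn and not sans:
        problems.append("at least one of common_name or subject_alt_name is required")
    # Each SAN entry must be '<type>:<value>' with a known type.
    for san in sans:
        kind, sep, value = san.partition(":")
        if not sep or kind not in SAN_TYPES or not value:
            problems.append(f"malformed subject_alt_name entry: {san!r}")
    # keyUsage bits must use OpenSSL's exact names; a typo would fail at CSR build time.
    for usage in as_list(args.get("key_usage") or args.get("keyUsage")):
        if usage not in KEY_USAGE_NAMES:
            problems.append(f"unknown key_usage value: {usage!r}")
    return problems
```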
Inputs

path:
    description:
    - Name of the folder in which the generated OpenSSL certificate signing request will
      be written
    required: true

force:
    choices:
    - true
    - false
    default: false
    description:
    - Should the certificate signing request be forcibly regenerated by this Ansible module
    required: false

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the certificate signing request should exist or not, taking action if the
      state is different from what is stated.
    required: false

digest:
    default: sha256
    description:
    - Digest used when signing the certificate signing request with the private key
    required: false

version:
    default: 3
    description:
    - Version of the certificate signing request
    required: false

key_usage:
    aliases:
    - keyUsage
    description:
    - This defines the purpose (e.g. encipherment, signature, certificate signing) of
      the key contained in the certificate.
    - This can either be a 'comma separated string' or a YAML list.
    required: false

common_name:
    aliases:
    - CN
    - commonName
    description:
    - commonName field of the certificate signing request subject
    required: false

country_name:
    aliases:
    - C
    - countryName
    description:
    - countryName field of the certificate signing request subject
    required: false

email_address:
    aliases:
    - E
    - emailAddress
    description:
    - emailAddress field of the certificate signing request subject
    required: false

locality_name:
    aliases:
    - L
    - localityName
    description:
    - localityName field of the certificate signing request subject
    required: false

privatekey_path:
    description:
    - Path to the private key to use when signing the certificate signing request
    required: true

subject_alt_name:
    aliases:
    - subjectAltName
    description:
    - SAN extension to attach to the certificate signing request
    - This can either be a 'comma separated string' or a YAML list.
    required: false

organization_name:
    aliases:
    - O
    - organizationName
    description:
    - organizationName field of the certificate signing request subject
    required: false

extended_key_usage:
    aliases:
    - extKeyUsage
    - extendedKeyUsage
    description:
    - Additional restrictions (e.g. client authentication, server authentication) on the
      allowed purposes for which the public key may be used.
    - This can either be a 'comma separated string' or a YAML list.
    required: false

key_usage_critical:
    aliases:
    - keyUsage_critical
    description:
    - Should the keyUsage extension be considered as critical
    required: false

privatekey_passphrase:
    description:
    - The passphrase for the private key.
    required: false

state_or_province_name:
    aliases:
    - ST
    - stateOrProvinceName
    description:
    - stateOrProvinceName field of the certificate signing request subject
    required: false

organizational_unit_name:
    aliases:
    - OU
    - organizationalUnitName
    description:
    - organizationalUnitName field of the certificate signing request subject
    required: false

subject_alt_name_critical:
    aliases:
    - subjectAltName_critical
    description:
    - Should the subjectAltName extension be considered as critical
    required: false

extended_key_usage_critical:
    aliases:
    - extKeyUsage_critical
    - extendedKeyUsage_critical
    description:
    - Should the extendedKeyUsage extension be considered as critical
    required: false

Outputs

extendedKeyUsage:
  description: Additional restriction on the public key purposes
  returned: changed or success
  sample:
  - clientAuth
  type: list
filename:
  description: Path to the generated Certificate Signing Request
  returned: changed or success
  sample: /etc/ssl/csr/www.ansible.com.csr
  type: string
keyUsage:
  description: Purpose for which the public key may be used
  returned: changed or success
  sample:
  - digitalSignature
  - keyAgreement
  type: list
privatekey:
  description: Path to the TLS/SSL private key the CSR was generated for
  returned: changed or success
  sample: /etc/ssl/private/ansible.com.pem
  type: string
subject:
  description: A dictionary of the subject attached to the CSR
  returned: changed or success
  sample:
    CN: www.ansible.com
    O: Ansible
  type: list
subjectAltName:
  description: The alternative names this CSR is valid for
  returned: changed or success
  sample:
  - DNS:www.ansible.com
  - DNS:m.ansible.com
  type: list