How to Generate SSL Certificate using Ansible | Generation CSR using Ansible

In this tutorial we will install openssl package and use following listed modules

Openssl_privatekey - To generate private key
Openssl_csr - To generate csr file
Openssl_certificate - To Generate certificate

Before we start this tutorial we read example and doc of all module
ansible-doc openssl_privatekeyansible-doc openssl_csransible-doc openssl_certificate

Step 1:

Go to ansible main directory and create yml file with suitable name
cd /etc/ansiblevi ssl-certs.yml
#We define name and hosts entry for execution of this playbook, you can replace with your targeted hosts or group

- name: generate ssl certificate
  gather_facts: false

# For generation of SSL certs we required a openssl package so our first task is to install package on remote/localhost, 


  - name: Install openssl package
    yum: name=openssl state=latest

# This is optional steps to keep ssl certificate, create a directory

  - name: Create ssl directory
    file: path=/etc/ssl/linuxtopic state=directory mode=0775

# Now we will generate a private key by using a "openssl_privatekey" module 

  - name: Generate Private key
    openssl_privatekey: path=/etc/ssl/linuxtopic/server-master.key

# After generation of key we will generate csr with the help of "openssl_csr" module 

  - name: Generate CSR
     path: /etc/ssl/linuxtopic/linuxtopic-client.csr
     privatekey_path: /etc/ssl/linuxtopic/server-master.key 
     country_name: IN
     email_address: [email protected]
     organization_name: linuxtopic

# at the end of the tasks we will generate certificate using  "openssl_certificate" module

  - name: Generate a self signed certificate
     csr_path: /etc/ssl/linuxtopic/linuxtopic-client.csr
     path: /etc/ssl/linuxtopic/linuxtopic-self-signed.crt
     privatekey_path: /etc/ssl/linuxtopic/server-master.key
     provider: selfsigned

Step 2:

To execute ansible playbook
ansible-playbook ssl-certs.yml

Step 3: 

To Verify 
ls -lah /etc/ssl/linuxtopic/

Your support is must so Please Like, share and comment on this ansible  artical.



Powered by Blogger.