cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-20 11:12:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add missing basicConstraints to use certificate as CA in OpenSSL tasks

Browse Source
This commit is contained in:
Christer Warén
2025-09-10 13:55:09 +03:00
parent 7a09d1e227
commit 6614a4e3fe
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tasks/deployer.yml
View File

@@ -486,6 +486,12 @@
organizationName: "{{ config.openssl.certificates[cert].organization.name }}" organizationName: "{{ config.openssl.certificates[cert].organization.name }}"
organizationalUnitName: "{{ config.openssl.certificates[cert].organization.unit }}" organizationalUnitName: "{{ config.openssl.certificates[cert].organization.unit }}"
countryName: FI countryName: FI
basicConstraints:
- 'CA:TRUE'
basic_constraints_critical: true
key_usage:
- keyCertSign
key_usage_critical: true
loop: "{{ config.openssl.certificates.keys() | list }}" loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control: loop_control:
label: "{{ cert }}" label: "{{ cert }}"
@@ -508,6 +514,12 @@
stateOrProvinceName: "{{ config.openssl.certificates[cert].location.providence }}" stateOrProvinceName: "{{ config.openssl.certificates[cert].location.providence }}"
localityName: "{{ config.openssl.certificates[cert].location.city }}" localityName: "{{ config.openssl.certificates[cert].location.city }}"
countryName: FI countryName: FI
basicConstraints:
- 'CA:TRUE'
basic_constraints_critical: true
key_usage:
- keyCertSign
key_usage_critical: true
loop: "{{ config.openssl.certificates.keys() | list }}" loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control: loop_control:
label: "{{ cert }}" label: "{{ cert }}"