Ansible role that generates an openssl config, creates an csr request, and automatically requests/retrieves a certiicate from a Microsoft CA Server

This role can be used with the followung variables:

---
- hosts: lall
  tasks:
    - name: Include role
      include_role:
        name: haydn-j-evans/pki_certs
      vars:
        ansible_host: 
        ansible_domain:
        pki_ca_host:
        update_existing_cert_domains: "true" or "false"
        certificate_organisational_unit: 
        certificate_organisation:
        certificate_email:
        certificate_cn:
        certificate_country:
        certificate_state:
        certificate_city:
        pki_san1: 
        .
        pki_san20: 
        pki_ip1:
        .
        pki_ip5:

The role supports a max of 20 Subject Alternative Names and a max of 5 IP addresses. Only insert as many values as you need.

If you wish to only update a certificate that is due to expire, use the value "update_existing_cert_domains: false" This will then search for an existing openssl.conf at the following location:

/etc/pki/tls/misc/openssl.conf

If this file is not present, the role will end.

The role will place the certificate and key in the following locations:

Certificate - /etc/pki/tls/certs/{ ansible_hostname.ansible_domain }.cert

Key - /etc/pki/tls/private/{ ansible_hostname.ansible_domain }.key

The role supports the following tags for more granularity:

pfx - If java is present on the system, this tag will generate a PFX file from the generated certificate

cert - Performs the steps to generate the certificate

verify - copies the certificate + key from the temporary directory to the final location =

validate - compares the generated certificate and generated key hashes to ensure a valid cert is generated.