|
@@ -1,27 +1,3 @@
|
1
|
|
-- name: Copy SSL private key into place
|
2
|
|
- copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
|
3
|
|
- register: private_key
|
4
|
|
- notify: restart apache
|
5
|
|
-
|
6
|
|
-- name: Copy SSL public certificate into place
|
7
|
|
- copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
|
8
|
|
- register: certificate
|
9
|
|
- notify: restart apache
|
10
|
|
-
|
11
|
|
-- name: Copy CA combined certificate into place
|
12
|
|
- copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
|
13
|
|
- register: ca_certificate
|
14
|
|
- notify: restart apache
|
15
|
|
-
|
16
|
|
-- name: Create a combined version of the public cert with intermediate and root CAs
|
17
|
|
- shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
|
18
|
|
- /etc/ssl/certs/wildcard_combined.pem
|
19
|
|
- when: private_key.changed or certificate.changed or ca_certificate.changed
|
20
|
|
-
|
21
|
|
-- name: Set permissions on combined public cert
|
22
|
|
- file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
|
23
|
|
- notify: restart apache
|
24
|
|
-
|
25
|
1
|
- name: Create strong Diffie-Hellman group
|
26
|
2
|
command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048
|
27
|
3
|
creates=/etc/ssl/private/dhparam2048.pem
|