x509_certificate: Unable to load certificate #226
Comments
Well, this is not a surprise since

```yaml
- name: "Create OpenSSL CA.crt"
  run_once: yes
  become: yes
  become_user: "{{ local_user }}"
  delegate_to: localhost
  openssl_publickey:
    path: "{{ role_path }}/files/ca.crt"
    privatekey_path: "{{ role_path }}/files/ca.key"
```

You need a certificate, not a public key.
ok, gotcha, I should have realized that. If I can make a recommendation it would be to update the documentation that goes along with this module to address creating a self-signed CA, as that has got to be a pretty common use case.
Were you able to create your self-signed root certificate? The first example in the

```yaml
- name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: /etc/ssl/crt/ansible.com.crt
    privatekey_path: /etc/ssl/private/ansible.com.pem
    csr_path: /etc/ssl/csr/ansible.com.csr
    provider: selfsigned
```

To your point, however, these modules don't really cover creating a CA, which typically involves setting up the directory structure, configurations, and initial state of the CA database/serial number sequence. So if you really need to create a CA I would look at other options; however, for creating a self-signed cert the docs cover what is needed.
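For readers who land here with the same goal as the reporter (a self-signed CA, then leaf certificates signed by it), the following playbook is an added example written for this thread; it is not the issue author's role and not taken from the community.crypto docs. It uses only the `community.crypto.openssl_privatekey`, `openssl_csr` and `x509_certificate` modules; the `/etc/pki/example` directory, the CA name and the `pki_dir`/`leaf_cn` variables are assumptions, and the host name `vault01.dev.env` is reused from the error output in the issue. The key point it demonstrates is the one made above: the CA certificate has to come from `x509_certificate` with `provider: selfsigned` (fed by a CSR carrying `CA:TRUE` and `keyCertSign`), not from `openssl_publickey`, and the leaf certificate then uses `provider: ownca` against that CA.

```yaml
# Added example (not from the issue thread): self-signed root CA plus one
# leaf certificate signed by it, using community.crypto.
# pki_dir and the CA common name are assumed placeholders.
- name: Create a self-signed CA and sign a leaf certificate with it
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    pki_dir: /etc/pki/example        # assumed location
    leaf_cn: vault01.dev.env         # host name taken from the issue's error output
  tasks:
    - name: Ensure the PKI directories exist
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: "0750"
      loop:
        - "{{ pki_dir }}"
        - "{{ pki_dir }}/private"

    - name: Generate the CA private key
      community.crypto.openssl_privatekey:
        path: "{{ pki_dir }}/private/ca.key"
        mode: "0600"

    - name: Build the CA CSR with CA:TRUE and certificate-signing key usage
      community.crypto.openssl_csr:
        path: "{{ pki_dir }}/ca.csr"
        privatekey_path: "{{ pki_dir }}/private/ca.key"
        common_name: Example Dev Root CA     # assumed name
        basic_constraints:
          - "CA:TRUE"
        basic_constraints_critical: true
        key_usage:
          - keyCertSign
          - cRLSign
        key_usage_critical: true

    # This is the step the reporter's task tried to do with openssl_publickey:
    # a CA needs a certificate, so it must be produced by x509_certificate.
    - name: Self-sign the CA certificate
      community.crypto.x509_certificate:
        path: "{{ pki_dir }}/ca.crt"
        csr_path: "{{ pki_dir }}/ca.csr"
        privatekey_path: "{{ pki_dir }}/private/ca.key"
        provider: selfsigned

    - name: Generate the leaf private key
      community.crypto.openssl_privatekey:
        path: "{{ pki_dir }}/private/{{ leaf_cn }}.key"
        mode: "0600"

    - name: Build the leaf CSR (server auth, SAN matching the CN)
      community.crypto.openssl_csr:
        path: "{{ pki_dir }}/{{ leaf_cn }}.csr"
        privatekey_path: "{{ pki_dir }}/private/{{ leaf_cn }}.key"
        common_name: "{{ leaf_cn }}"
        subject_alt_name:
          - "DNS:{{ leaf_cn }}"
        basic_constraints:
          - "CA:FALSE"
        key_usage:
          - digitalSignature
          - keyEncipherment
        extended_key_usage:
          - serverAuth

    # ownca signs the CSR with the CA key and chains it to ca.crt; the CA key
    # itself never leaves the private directory.
    - name: Sign the leaf certificate with the CA (ownca provider)
      community.crypto.x509_certificate:
        path: "{{ pki_dir }}/{{ leaf_cn }}.crt"
        csr_path: "{{ pki_dir }}/{{ leaf_cn }}.csr"
        ownca_path: "{{ pki_dir }}/ca.crt"
        ownca_privatekey_path: "{{ pki_dir }}/private/ca.key"
        ownca_not_after: +365d
        provider: ownca
```

The leaf task can be repeated (or looped) for each host that needs a certificate; what this does not give you is the CA database, serial tracking and revocation state that the comment above describes, which is why a long-lived CA still belongs in a dedicated tool.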
This is something we should add as a scenario guide I guess, similar to some other common use-cases. (We hopefully will be able to publish guides soon, using ansible-community/antsibull-build#255...)
I started writing some guides in #237. |
SUMMARY
Attempting to use community.crypto to create a self-signed CA, then sign a number of x509 certificates
COMPONENT NAME
x509_certificate
OS / ENVIRONMENT
Red Hat Enterprise Linux 8.3
STEPS TO REPRODUCE
This is part of a role, so the yaml below is from the task associated with these steps
EXPECTED RESULTS
I expect the x509_certificate module to successfully create and output a certificate
ACTUAL RESULTS
I get the following output:

```
fatal: [vault01.dev.env]: FAILED! => {"changed": false, "msg": "Unable to load certificate"}
```
I have validated it is not a permissions issue as the become user owns the files that the x509_certificate module is trying to read.