add crl endpoint support
This commit is contained in:
Jean-Marie Mineau
parent
ec297a7dd3
commit
b41a2b1bc2
3 changed files with 30 additions and 1 deletions
18
README.md
18
README.md
|
|
@ -60,3 +60,21 @@ Then, don't forget to remode the file `ca.key`.
|
|||
## How does it works ?
|
||||
|
||||
The role check if the certificate already exist and is valid. If not, it will generate **on the localhost** the certificates and then copy them to the remote host and delate the local version.
|
||||
|
||||
## Add a CRL endpoint
|
||||
|
||||
If you use a CRL to revocate your certifiates, you can add the variable `crl_distribution_points` to describe the CRL endpoint(s). CF https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_csr_module.html for more information about `crl_distribution_points`.
|
||||
|
||||
```
|
||||
crl_distribution_points:
|
||||
- full_name: "URI:https://ca.example.com/revocations.crl"
|
||||
reasons:
|
||||
- key_compromise
|
||||
- ca_compromise
|
||||
- affiliation_changed
|
||||
- superseded
|
||||
- cessation_of_operation
|
||||
- certificate_hold
|
||||
- privilege_withdrawn
|
||||
- aa_compromise
|
||||
```
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue