Explain how to generate a CA
This commit is contained in:
parent
cb7dc99f5b
commit
eaacbca6dc
2 changed files with 139 additions and 3 deletions
47
README.md
|
@ -8,4 +8,51 @@ The Public Certificate of the CA and its Private Key are ansible variables. Make
|
|||
|
||||
## Generate a CA
|
||||
|
||||
### Generate a key
|
||||
|
||||
```
|
||||
openssl genrsa -out ca.key -aes256 4096
|
||||
```
|
||||
|
||||
It will ask a passphrase. Put the passphrase in a vault as `ca_passphrase`.
|
||||
|
||||
Then, put the content of `ca.key` in the vaul:
|
||||
|
||||
```
|
||||
ca_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,EABBE7D2AC7D31F05392F733E9F9B031
|
||||
|
||||
vbKyyhou4oJIZEXL1U4ESbUJ/r5Im9lZNatJwZISOnD3E//+Vf3QaIb+sQ2xNym9
|
||||
...
|
||||
iKkhjgSIm7tWWR5lxd/dpeoEM/+tvcZ0KJqFsbPv9jmZPl4/PfBf7O185K7KCY9L
|
||||
-----END RSA PRIVATE KEY-----
|
||||
```
|
||||
|
||||
### Generate the certificate
|
||||
|
||||
```
|
||||
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
|
||||
```
|
||||
|
||||
You can replace `3650` by the validity periode you want for your certificate.
|
||||
|
||||
You will be ask questions for the content of the certificate, answer adequately.
|
||||
|
||||
Then, put the content of `ca.pem` in the variables as `ca_cert`:
|
||||
|
||||
```
|
||||
ca_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF7TCCA9WgAwIBAgIURKS2ggzKV0XKM6IdSqPjDvsr9AowDQYJKoZIhvcNAQEL
|
||||
...
|
||||
YRj4p9wG46WoMCvnNxdgL2/MQfp+Y8rinDEk1BG1Zb8g
|
||||
-----END CERTIFICATE-----
|
||||
```
|
||||
|
||||
Then, don't forget to remode the file `ca.key`.
|
||||
|
||||
|
||||
|
||||
## How does it works ?
|
||||
|
|
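Review bot: the final step of "Generate the certificate" ("don't forget to remode the file `ca.key`") is easy to miss and leaves the cleanup underspecified. Say explicitly that `ca.key` is to be deleted only after its content is confirmed in the vault as `ca_key`, and consider recommending `shred -u ca.key` (where the filesystem honours overwrites) instead of a plain delete, since the passphrase-encrypted key otherwise stays recoverable on the disk where it was generated. The `ca_key` example also shows a concrete `DEK-Info` IV and base64 lines; if these were copied from a real key, replace them with obvious placeholders. Typos to fix in the same pass: "vaul", "periode", "remode", "You will be ask".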