author | Matthieu Saulnier <fantom@fedoraproject.org> | 2023-04-22 06:28:52 +0200 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2023-04-22 06:28:52 +0200 |
commit | 2c25771d47fcef49a67ec89918b90ff009ae8192 (patch) | |
tree | a80738be3067fac7988e9b903e123a876976f499 | |
parent | 7d2f5f0a6f2c54344e313572c6ffda65e7e5b4e4 (diff) | |
download | playbooks-ansible-2c25771d47fcef49a67ec89918b90ff009ae8192.tar.gz playbooks-ansible-2c25771d47fcef49a67ec89918b90ff009ae8192.tar.xz playbooks-ansible-2c25771d47fcef49a67ec89918b90ff009ae8192.zip |
Remove server certificate for PHP
-rwxr-xr-x | bin/crtkey-gen.sh | 2 | ||||
-rw-r--r-- | openssl/config-server/casperlefantom.net.packardmerlin.php-openssl.cnf | 37 | ||||
-rw-r--r-- | roles/phpworker/tasks/crt.yml | 40 |
3 files changed, 1 insertions, 78 deletions
diff --git a/bin/crtkey-gen.sh b/bin/crtkey-gen.sh
index c161a72..02159d4 100755
--- a/bin/crtkey-gen.sh
+++ b/bin/crtkey-gen.sh
@@ -6,7 +6,7 @@ SERIAL="38" # crtversion
 SERVERHOST=""
 CLIENTHOST="$SERVERHOST sd-126263.dbjabber sd-128718.nfs sd-128718.bosh sd-128718.ws sd-128718.matrix packardmerlin.dbcirrus packardmerlin.dblinks packardmerlin.nfs packardmerlin.redis"
-SERVICELIST="manchester.nfs blackbird.ejabberd blackbird.dbjabber blackbird.dbcirrus blackbird.dblinks blackbird.postfix blackbird.dovecot blackbird.murmur blackbird.ws blackbird.bosh blackbird.redis sd-94125.postfix sd-94125.dovecot sd-94125.vpn sd-126263.ejabberd sd-126263.nfs sd-126263.murmur sd-126263.ws sd-126263.bosh sd-126263.redis blackbird.nfs packardmerlin.php"
+SERVICELIST="manchester.nfs blackbird.ejabberd blackbird.dbjabber blackbird.dbcirrus blackbird.dblinks blackbird.postfix blackbird.dovecot blackbird.murmur blackbird.ws blackbird.bosh blackbird.redis sd-94125.postfix sd-94125.dovecot sd-94125.vpn sd-126263.ejabberd sd-126263.nfs sd-126263.murmur sd-126263.ws sd-126263.bosh sd-126263.redis blackbird.nfs"
 JABBERHOST="blackbird.ejabberd sd-126263.ejabberd"
diff --git a/openssl/config-server/casperlefantom.net.packardmerlin.php-openssl.cnf b/openssl/config-server/casperlefantom.net.packardmerlin.php-openssl.cnf
deleted file mode 100644
index d725d17..0000000
--- a/openssl/config-server/casperlefantom.net.packardmerlin.php-openssl.cnf
+++ /dev/null
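Review bot: Dropping `packardmerlin.php` from `SERVICELIST` only stops the script from issuing that certificate again; nothing in this commit removes what earlier runs already placed on the host. The tasks deleted from roles/phpworker/tasks/crt.yml wrote `/etc/pki/tls/private/{{ maindomain }}.php.key`, `/etc/pki/tls/certs/{{ maindomain }}.php.crt` and the derived `.php.crt.tmp` and `.php.fullchain.crt` files, so an unused private key and a certificate that may still be valid presumably remain on disk. I would add a one-off cleanup task using the `file` module with `state: absent` for those paths, and revoke the certificate at the issuing CA if it has not expired. The rest of crtkey-gen.sh lies outside the hunk, so whether it handles revocation cannot be seen from here.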
@@ -1,37 +0,0 @@
-[ req ]
-default_bits = 4096
-default_md = sha256
-encrypt_key = no
-distinguished_name = req_dn
-req_extensions = v3_req
-prompt = no
-
-[ req_dn ]
-# country (2 letter code)
-C=FR
-
-# State or Province Name (full name)
-ST=Basse-Normandie
-
-# Locality Name (eg. city)
-L=Caen
-
-# Organization (eg. company)
-O=casperlefantom.net
-
-# Organizational Unit Name (eg. section)
-OU=PHP
-
-# Common Name (*.example.com is also possible)
-CN=php-worker2.home.casperlefantom.net
-
-# E-mail contact
-emailAddress=hostmaster@casperlefantom.net
-
-[ v3_req ]
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = packardmerlin.home.casperlefantom.net
-DNS.2 = merlin.home.casperlefantom.net
-DNS.3 = php-worker2.home.casperlefantom.net
diff --git a/roles/phpworker/tasks/crt.yml b/roles/phpworker/tasks/crt.yml
index 15916e4..bd9c542 100644
--- a/roles/phpworker/tasks/crt.yml
+++ b/roles/phpworker/tasks/crt.yml
@@ -1,43 +1,3 @@
-- name: Installation des fichiers certificat pour php
- copy:
- src: "certs/{{ maindomain }}.{{ ansible_hostname }}.php.{{ crtversion }}.crt"
- dest: "/etc/pki/tls/certs/{{ maindomain }}.php.crt"
- owner: root
- group: root
- mode: 0644
- tags: keys
-
-- name: Installation du fichier dhparam pour php
- copy:
- src: "certs/dhparam-4096.{{ ansible_hostname }}.{{ crtversion }}.pem"
- dest: "/etc/pki/tls/certs/dhparam-4096.{{ ansible_hostname }}.php.pem"
- owner: root
- group: root
- mode: 0644
- tags: keys
-
-- name: Installation des fichiers clé pour php
- copy:
- src: "certs/{{ maindomain }}.{{ ansible_hostname }}.php.{{ crtversion }}.key"
- dest: "/etc/pki/tls/private/{{ maindomain }}.php.key"
- owner: root
- group: root
- mode: 0400
- tags: keys
-
-- name: Format PEM
- command: openssl x509 -in {{ maindomain }}.php.crt -out {{ maindomain }}.php.crt.tmp -outform PEM
- args:
- chdir: /etc/pki/tls/certs/
- tags: keys
-
-- name: Mise à jour du fichier fullchain.pem
- shell: cat '{{ maindomain }}'.php.crt.tmp mon-ca.crt dhparam-4096.{{ ansible_hostname }}.php.pem > '{{ maindomain }}'.php.fullchain.crt
- args:
- chdir: /etc/pki/tls/certs/
- executable: /usr/bin/zsh
- tags: keys
-
 # x509 client
 - name: Installation du certificat client
 copy: |