From 9f253f64071201fc09a59f4626a3d6e2595042f5 Mon Sep 17 00:00:00 2001
From: Matthieu Saulnier
Date: Mon, 22 Jan 2018 06:10:59 +0100
Subject: Add CA and CRL specific path for daemons
---
roles/common/files/crt-crl.pem | 29 +++++++++++++++++++++++++++++
roles/common/tasks/ca.yml | 12 ++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 roles/common/files/crt-crl.pem
diff --git a/roles/common/files/crt-crl.pem b/roles/common/files/crt-crl.pem
new file mode 100644
index 0000000..86314cf
--- /dev/null
+++ b/roles/common/files/crt-crl.pem
@@ -0,0 +1,29 @@
+-----BEGIN X509 CRL-----
+MIIE6TCCAtECAQEwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNVBAYTAkZSMRYwFAYD
+VQQIEw1JbGUtZGUtRnJhbmNlMQ0wCwYDVQQHEwRFdnJ5MRowGAYDVQQKExFNYXR0
+aGlldSBTYXVsbmllcjEiMCAGA1UEAxMZTWF0dGhpZXUgU2F1bG5pZXIgUm9vdCBD
+QTEnMCUGCSqGSIb3DQEJARYYZmFudG9tQGZlZG9yYXByb2plY3Qub3JnFw0xODAx
+MDMxNTMyMjZaFw0xOTAxMDMxNTMyMjZaMIIBFjAgAgEFFw0xMzExMDYwMDM5NDda
+MAwwCgYDVR0VBAMKAQAwIAIBBhcNMTMxMTA2MDA0ODA0WjAMMAoGA1UdFQQDCgEA
+MCACAQcXDTE0MDMxOTE3MzQzOFowDDAKBgNVHRUEAwoBADAgAgEIFw0xNDAzMTkx
+NzQyNDZaMAwwCgYDVR0VBAMKAQAwIAIBCRcNMTQwMzIwMjMwMTU5WjAMMAoGA1Ud
+FQQDCgEAMBICAQoXDTE1MDMyOTE0MzM1MVowIAIBDBcNMTQwNDEwMDgxNjMxWjAM
+MAoGA1UdFQQDCgEAMCACAQ4XDTE1MDQwNjE1MDIzN1owDDAKBgNVHRUEAwoBADAS
+AgEPFw0xNDEyMTMyMTEzMzZaoIHkMIHhMIHSBgNVHSMEgcowgceAFAWQm79COOPA
+2u1HgQ9iObnui/hgoYGjpIGgMIGdMQswCQYDVQQGEwJGUjEWMBQGA1UECBMNSWxl
+LWRlLUZyYW5jZTENMAsGA1UEBxMERXZyeTEaMBgGA1UEChMRTWF0dGhpZXUgU2F1
+bG5pZXIxIjAgBgNVBAMTGU1hdHRoaWV1IFNhdWxuaWVyIFJvb3QgQ0ExJzAlBgkq
+hkiG9w0BCQEWGGZhbnRvbUBmZWRvcmFwcm9qZWN0Lm9yZ4IJAPh0szidm4XLMAoG
+A1UdFAQDAgEJMA0GCSqGSIb3DQEBCwUAA4ICAQBhnYcqUT0DHNFyQ7xLz5ndcNSL
+ImYL1Yo5PK7Q6VFOJEMT1LYKWx1UBDDwMuNI9zZLsWliYvaTNMC8M7HvJRXmAqDU
+Xkmk44Bj/sjCUSHCAWXL+hcMZGjpPjBfPVEEAqZJ6xkffwq2KS0MwtYV7AHssMNy
+xmLIdnjG0dKsvWCAm1HfZyoSx8QUzCSKLeA9agFBbCVX7W8fCib2J+qMVWybvBS7
+l4QI+MZxGL+fFW13lHQf1IWIsqdGyfjGh7O1urodDQLqCBHEZbvyqt63dNpjZgQF
+J8xai8qQjgJaya2ZntrMh1bjSJ1mzfXWpqSr00svCm1Q8Slc22hKeR33djSCgQFv
+iJZZt0cUzCIOzz4T4OeYBLpY10QaRPQSktKKjtkbxniIPQYsSSphQKkgs+CyqPIx
+mVREhVtvBUx4X0Ko1CtsDqL7h2cng2qIHcWyjF6fm/Eg4lDDlPbTcK3DaUmKKzs8
+b/l8COGFboP3zgUjcxAXW/OpubUWVL+viegQVyMAwnb2i57DfQZyqUOYr6PeamJq
+/A0lytU92VtPUxbqCjzmP40oczCFeSZGTFIBgdpAn5koILrvnuEYGmYXKvptvj2K
+0sv5ktz58cW71OqqDVCjetIqk0UO4EcgNd6mpHEZ6+RdpgmNyNZqZvsiAowx91Wt
+X+Ih0pQip2X7s72qNw==
+-----END X509 CRL-----
diff --git a/roles/common/tasks/ca.yml b/roles/common/tasks/ca.yml
index 2bf0e0d..6c9b02c 100644
--- a/roles/common/tasks/ca.yml
+++ b/roles/common/tasks/ca.yml
@@ -6,3 +6,15 @@ - name: Mise à jour de la base de confiance CA command: /usr/bin/update-ca-trust
+
+- name: Installation CA personnel pour applis serveur
+ copy:
+ src: root.pem
+ dest: /etc/pki/tls/certs/mon-ca.crt
+ mode: 0444
+
+- name: Installation et renouvellement de la CRL
+ copy:
+ src: crt-crl.pem
+ dest: /etc/pki/tls/certs/crt-crl.pem
+ mode: 0444
-- cgit
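Review bot: Nothing reloads the consuming daemons when `crt-crl.pem` changes: the second added task ("Installation et renouvellement de la CRL") copies the file but has no `notify`, so a daemon that reads its CRL only at startup would keep accepting newly revoked certificates until its next restart; adding `notify: <handler that reloads the TLS daemons>` to both tasks would close that gap. The CRL committed alongside appears, from its PEM body, to carry a nextUpdate of 3 January 2019, so the "renouvellement" depends on someone regenerating and committing the file before then. A comment above the task such as `# CRL expires at nextUpdate (openssl crl -in crt-crl.pem -noout -nextupdate); regenerate before it lapses` would make that visible. Both tasks also leave ownership implicit for files that act as trust anchors; I would add `owner: root` and `group: root` and quote the mode as `mode: '0444'`.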