add subject_alt_name and CN when wildcard declared

2023-11-26 12:12:09 +01:00 · 2023-11-26 12:12:09 +01:00 · 8b9468191a
parent d7041335e4
commit 8b9468191a
1 changed files with 13 additions and 3 deletions
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@ -90,10 +90,20 @@

 - name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
  openssl_csr:
-    path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
    privatekey_path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
  with_items: "{{ nginx_vhosts }}"
-  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true' and item.wildcard is not defined
+  notify: reload nginx
+
+- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR) for wildcard'
+  openssl_csr:
+    path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+    privatekey_path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+    common_name: "*.{{ item.ssl_name }}"
+    subject_alt_name: "DNS:*.{{ item.ssl_name }}"
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true' and item.wildcard is defined and item.wildcard == 'true'
  notify: reload nginx

 - name: '[SELFSIGNED] - Create a self-signed certificate'
@ -104,4 +114,4 @@
    provider: selfsigned
  with_items: "{{ nginx_vhosts }}"
  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
-  notify: reload nginx
+  notify: reload nginx