Documentation

openssl_csr - Generate OpenSSL Certificate Signing Request (CSR)

New in version 2.4.

Synopsis

  • This module allows one to (re)generate OpenSSL certificate signing requests. It uses the pyOpenSSL Python library to interact with OpenSSL. This module supports the subjectAltName extension. Note: At least one of commonName or subjectAltName must be specified.

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| commonName | no | | | commonName field of the certificate signing request subject (aliases: CN) |
| countryName | no | | | countryName field of the certificate signing request subject (aliases: C) |
| digest | no | sha256 | | Digest used when signing the certificate signing request with the private key |
| emailAddress | no | | | emailAddress field of the certificate signing request subject (aliases: E) |
| force | no | | True, False | Whether the certificate signing request should be forcibly regenerated by this Ansible module |
| localityName | no | | | localityName field of the certificate signing request subject (aliases: L) |
| organizationName | no | | | organizationName field of the certificate signing request subject (aliases: O) |
| organizationUnitName | no | | | organizationUnitName field of the certificate signing request subject (aliases: OU) |
| path | yes | | | Name of the folder in which the generated OpenSSL certificate signing request will be written |
| privatekey_path | yes | | | Path to the private key to use when signing the certificate signing request |
| state | no | present | present, absent | Whether the certificate signing request should exist or not, taking action if the state is different from what is stated. |
| stateOrProvinceName | no | | | stateOrProvinceName field of the certificate signing request subject (aliases: ST) |
| subjectAltName | no | | | SAN extension to attach to the certificate signing request |
| version | no | 3 | | Version of the certificate signing request |

Examples

# Generate an OpenSSL Certificate Signing Request
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    commonName: www.ansible.com

# Generate an OpenSSL Certificate Signing Request with Subject information
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    countryName: FR
    organizationName: Ansible
    emailAddress: user@example.com  # placeholder address
    commonName: www.ansible.com

# Generate an OpenSSL Certificate Signing Request with subjectAltName extension
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    subjectAltName: 'DNS:www.ansible.com,DNS:m.ansible.com'

# Force re-generate an OpenSSL Certificate Signing Request
- openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    force: True
    commonName: www.ansible.com
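
To confirm on the host that a generated request matches the privatekey_path, digest and subjectAltName values passed to the module, a shell check along these lines can be run against the output file. It is an added example, not part of the module or of the Ansible documentation; check_csr and demo are hypothetical names, and the key and CSR inside demo are constructed with the openssl CLI purely for illustration.

```shell
# check_csr CSR KEY [SAN...]: hypothetical helper, not part of Ansible.
# Returns 0 only if the CSR's self-signature verifies, it was signed with
# sha256, it carries KEY's public key, and it lists every expected SAN.
check_csr() {
    csr=$1; key=$2; shift 2
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1

    # 1. Self-signature must verify (message wording varies by version).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 2

    # 2. Digest must be the module's default (digest: sha256).
    printf '%s\n' "$text" | grep -qi 'Signature Algorithm:.*sha256' || return 3

    # 3. Public key in the CSR must be the one from privatekey_path.
    [ "$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || return 4

    # 4. Each expected name must be an exact entry in the SAN extension.
    sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
           tail -n 1 | tr -d ' ')
    for want in "$@"; do
        case ",$sans," in *",$want,"*) ;; *) return 5 ;; esac
    done
}

# Constructed sample: a throwaway key and CSR built with the openssl CLI.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'req_extensions=ext' \
        'prompt=no' '[dn]' 'CN=www.ansible.com' '[ext]' \
        'subjectAltName=DNS:www.ansible.com,DNS:m.ansible.com' > "$d/req.cnf"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$d/req.cnf" \
        -keyout "$d/a.pem" -out "$d/a.csr" 2>/dev/null || return 1
    openssl genrsa -out "$d/b.pem" 2048 2>/dev/null || return 1
    ok=0; check_csr "$d/a.csr" "$d/a.pem" DNS:www.ansible.com DNS:m.ansible.com || ok=$?
    wrong_key=0; check_csr "$d/a.csr" "$d/b.pem" DNS:www.ansible.com || wrong_key=$?
    missing_san=0; check_csr "$d/a.csr" "$d/a.pem" DNS:ansible.com || missing_san=$?
    rm -rf "$d"
    echo "$ok $wrong_key $missing_san"
}
```

Calling `demo` prints the three return codes: the matching case, the case with a different private key, and the case with a name that is absent from the SAN extension.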

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| csr | Path to the generated Certificate Signing Request | changed or success | string | /etc/ssl/csr/www.ansible.com.csr |
| subjectAltName | The alternative names this CSR is valid for | changed or success | string | DNS:www.ansible.com,DNS:m.ansible.com |
| subject | A dictionary of the subject attached to the CSR | changed or success | list | {'CN': 'www.ansible.com', 'O': 'Ansible'} |


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means, please read Module Support.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.