Ansible playbook to check the certificate associated with client-ssl profiles for expiration with-in a user defined number of days.

This ansible playbook (automateCerts.yml) has been designed to utilize 3 roles (checkExpire, createCsrCert and installNewKeysCerts ). Any variables that are specific to a given role are placed in the roles vars/main.yml file.

Authentication users accounts are defined in group_vars/all/users.yml file, with username and password variables being pulled from two environment variables.

The checkExpire/vars/crts2Check.yml file contains a dictionary of dictionarires of which clientssl profiles certificates are to be checked. Sample of the crt2Check.yml file format.

---
    certs2Check:
      astro.thejetsons.org_clientssl:
        host: 192.168.0.49
        partition: Common
      elroy.thejetsons.org_clientssl:
        host: 192.168.0.45
        partition: Common
      judy.thejetsons.org_clientssl:
        host: 192.168.0.45
        partition: Common

The number of days in the future to check for certificate expiration is handled with the crtExpireCheckDate variable.

certNames2Renew is a dictionary of dictionaries that keyed by the clientssl profile name.

Example:

astro.thejetsons.org_clientssl:
  commonName: astro.thejetsons.org
  expiration: 2021-04-02 15:58:01
  host: 192.168.0.49
  partition: Common  

Currently the createCsrCert creates self assigned certificates with a user-defined number of days controlled by the certDays variable located in the createCsrCert/vars/main.yml file.

The new SSL keys and certs will have a timestamp appended to their names. The timestamp variable is defined in automateCerts.yml file.

Example: elroy.thejetsons.org-2021-04-07.key