Use openssl_privatekey and openssl_csr Ansible modules
felixfontein opened this issue · comments
The openssl_csr module allows creating CSRs. I don't know whether it can handle the OCSP Must Staple extension (tlsfeature = status_request in OpenSSL config), though.
The openssl_privatekey module allows creating private keys. Downside: only supports RSA keys.
Both modules depend on python-pyOpenSSL, which would introduce yet another dependency.
Because of these downsides, I won't use these modules for now.
OCSP Must Staple support could be added in ansible/ansible#35082.
This ticket requested elliptic curve support for openssl_privatekey: ansible/ansible#32626
OCSP Must Staple support will be in Ansible 2.5.
An updated version of openssl_privatekey which doesn't necessarily require pyOpenSSL is being developed in ansible/ansible#49416.
Ansible 2.8 will allow using openssl_privatekey and openssl_csr with cryptography (PR for openssl_csr: ansible/ansible#50324).
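For reference, a playbook that combines the three points tracked in this thread (elliptic curve key, OCSP Must Staple in the CSR, cryptography backend instead of pyOpenSSL). This is an added example, not code from this issue or from the project; it assumes Ansible 2.8 or later, and the host, domain names and file paths are placeholders.

```yaml
# Added example: paths, domain names and the target host are hypothetical.
- hosts: localhost
  gather_facts: false
  vars:
    key_path: /etc/ssl/private/example.com.key   # placeholder path
    csr_path: /etc/ssl/csr/example.com.csr       # placeholder path
  tasks:
    - name: Create an elliptic curve private key (no RSA-only limitation)
      openssl_privatekey:
        path: "{{ key_path }}"
        type: ECC
        curve: secp384r1
        # Use python-cryptography so pyOpenSSL is not needed
        select_crypto_backend: cryptography
        mode: "0600"

    - name: Create a CSR that requests OCSP Must Staple
      openssl_csr:
        path: "{{ csr_path }}"
        privatekey_path: "{{ key_path }}"
        common_name: example.com
        subject_alt_name:
          - DNS:example.com
          - DNS:www.example.com
        # Adds the TLS Feature extension (status_request) to the CSR
        ocsp_must_staple: true
        select_crypto_backend: cryptography
```

Running `openssl req -in /etc/ssl/csr/example.com.csr -noout -text` on the result should list the TLS Feature extension with status_request among the requested extensions.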