Use openssl_privatekey and openssl_csr Ansible modules

Question

Use openssl_privatekey and openssl_csr Ansible modules

felixfontein opened this issue 7 years ago · comments

The openssl_csr module allows to create CSRs. I don't know whether it can handle the OCSP Must Staple extension (tlsfeature = status_request in OpenSSL config), though.

The openssl_privatekey module allows to create private keys. Downside: only supports RSA keys.

Both modules depend on python-pyOpenSSL, which would introduce yet another dependency.

Because of these downsides, I won't use these modules for now.

Felix Fontein · Answer 1 · Fri Jan 19 2018 14:08:34 GMT+0800 (China Standard Time)

OCSP Must Staple support could be added in ansible/ansible#35082.

Felix Fontein · Answer 2 · Fri Jan 19 2018 14:12:51 GMT+0800 (China Standard Time)

This ticket requested elliptic curve support for openssl_privatekey: ansible/ansible#32626

Felix Fontein · Answer 3 · Sun Feb 11 2018 03:36:47 GMT+0800 (China Standard Time)

OCSP Must Staple support will be in Ansible 2.5.

Felix Fontein · Answer 4 · Sun Dec 02 2018 20:01:42 GMT+0800 (China Standard Time)

An updated version of openssl_privatekey which doesn't necessarily require pyOpenSSL is developed in ansible/ansible#49416.

Felix Fontein · Answer 5 · Tue Mar 05 2019 04:47:40 GMT+0800 (China Standard Time)

Ansible 2.8 will allow to use openssl_privatekey and openssl_csr with cryptography (PR for openssl_csr: ansible/ansible#50324).