Setting a provisioner for signing a SubCA certificate with step ca token
patsevanton opened this issue
Anton Patsev commented
Hello! Thanks for ansible-collection-smallstep!
I install step-ca with the role, using these variables:

```yaml
- hosts: smallstep
  become: yes
  tasks:
    - name: Install step-ca
      include_role:
        name: maxhoesel.smallstep.step_ca
      vars:
        step_ca_dns: "ca.mydomain.int"
        step_ca_name: "MyPrivateCA"
        step_ca_root_password: "incredibly secret password"
        step_ca_intermediate_password: "very secret password"
```
I try to create a certificate for the SubCA:

```yaml
- name: Generate an OpenSSL certificate signed with your Step-CA
  become: true
  ansible.builtin.shell:
    cmd: step-cli certificate sign --profile intermediate-ca --token $(step-cli ca token ca.mydomain.int --ca-url https://ca.mydomain.int --root root_ca.crt --password-file /etc/step-ca/.password.txt) ipa.csr ipa.crt | sudo tee -a ipa.crt
    chdir: /etc/step-ca/certs
  register: generate_ipa_crt
  vars:
    ansible_ssh_pipelining: no
- name: stderr
  debug: msg="{{ generate_ipa_crt.stderr }}"
```
I get this error:

```
msg: |-
  cannot create a new token: the CA does not have any provisioner configured
  flag provided but not defined: -token
```

What type of provisioner do I need to configure to sign a cert for a SubCA?