Commit e222d596 authored by CRAIG BENNER's avatar CRAIG BENNER

Tweaks to the process

parent 8f8af99c
......@@ -17,30 +17,7 @@
- name: create LDAPS local certRequest.inf
delegate_to: localhost
copy:
content: ";----------------- request.inf -----------------
[Version]
Signature=$Windows NT$
[NewRequest]
Subject = \"CN=develop-dc-01.develop.local\" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = \"Microsoft RSA SChannel Cryptographic Provider\"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[Extensions]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------"
src: "{{ role_path }}/files/certRequest.inf"
dest: ./certRequest.inf
......@@ -63,15 +40,6 @@ OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
dest: develop_dc.pem
flat: yes
##### NOT SURE IF NEEDED
#- name: create v3ext.txt
# delegate_to: localhost
# copy:
# content: "keyUsage=digitalSignature,keyEncipherment
# extendedKeyUsage=serverAuth
# subjectKeyIdentifier=hash"
# dest: ./v3ext.txt
- name: create ldaps cert
shell: openssl x509 -req -days 3650 -in develop_dc.pem -passin pass:{{ ad_safe_mode_password }} -CA ca.crt -CAkey ca.key -set_serial 01 -out develop_dc.crt
delegate_to: localhost
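Review bot: The `create ldaps cert` task, left unchanged by this commit, still passes the CA key passphrase as `-passin pass:{{ ad_safe_mode_password }}` inside a `shell:` command, so the secret sits in the process argument list on the control host and can appear in Ansible's task output and logs. Consider reading it from the environment instead, `-passin env:CA_KEY_PASS` with `environment: {CA_KEY_PASS: "{{ ad_safe_mode_password }}"}` (the variable name is a placeholder), and adding `no_log: true` to the task. The variable name suggests the CA key shares the directory-services safe-mode password; if so, a separate secret for the CA key would limit what a single leak exposes. With the commented-out `v3ext.txt` task removed and no `-extfile` on the command, it is also worth confirming that the issued certificate still carries the Server Authentication EKU requested in the INF, since `openssl x509 -req` does not copy request extensions by default.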
......