fix cnf

2024-07-11 00:59:00 +03:00
parent 358533399f
commit 17bb4d1271
2 changed files with 9 additions and 4 deletions
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -83,7 +83,7 @@

    - name: Sign server certificate
      ansible.builtin.shell:
-        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.csr -out {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.cnf'
+        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.csr -out {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.crt -CAcreateserial -config {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.cnf -days 365'

    - name: Create fullchain certificate
      ansible.builtin.shell:
--- a/roles/rproxy/templates/server.cnf.j2
+++ b/roles/rproxy/templates/server.cnf.j2
@@ -1,8 +1,8 @@
 [ req ]
 prompt                 = no
-days                   = 365
 distinguished_name     = {{ rproxy_service_name }}.{{ domain.stdout }}
 req_extensions         = v3_req
+x509_extensions		   = v3_x509


 [ {{  rproxy_service_name  }}.{{ domain.stdout }} ]
@@ -19,6 +19,11 @@ basicConstraints       = CA:false
 keyUsage               = digitalSignature, keyEncipherment
 subjectAltName         = @sans

+[ v3_x509 ]
+basicConstraints       = CA:false
+keyUsage               = digitalSignature, keyEncipherment
+subjectAltName         = @sans
+
 [ sans ]
-DNS.1 = *.{{ domain.stdout }}
+DNS.1 = {{ rproxy_service_name }}.{{ domain.stdout }}
 IP.1 = {{ rproxy_service_address }}