change cnf

2024-07-09 21:49:24 +03:00
parent 0d77b94b59
commit b617726baa
3 changed files with 27 additions and 4 deletions
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -79,7 +79,7 @@

    - name: Generate server csr
      ansible.builtin.shell:
-        cmd: 'openssl req -key {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.key -new -out {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.csr -config {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.cnf -days 365'
+        cmd: 'openssl req -key {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.key -new -out {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.csr -config {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.cnf'

    - name: Sign server certificate
      ansible.builtin.shell:
--- a/roles/rproxy/templates/server.cnf.j2
+++ b/roles/rproxy/templates/server.cnf.j2
@@ -1,4 +1,3 @@
-[ req ]
 prompt                 = no
 days                   = 365
 distinguished_name     = {{ rproxy_service_name }}.{{ domain.stdout }}
@@ -15,10 +14,10 @@ commonName             = {{ rproxy_service_name }}.{{ domain.stdout }}
 emailAddress           = admin@{{ domain.stdout }}

 [ v3_req ]
-basicConstraints       = CA:false
+basicConstraints       = critical; CA:false
 extendedKeyUsage       = serverAuth
 subjectAltName         = @sans

-[sans]
+[ sans ]
 DNS.1 = *.{{ domain.stdout }}
 IP.1 = {{ rproxy_service_address }}