--- - block: - name: Generate privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' - name: Generate CSR openssl_csr: path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' subject: commonName: www.ansible.com # keyUsage longname and shortname should be able to be used # interchangeably. Hence the long name is specified here # but the short name is used to test idempotency for ipsecuser # and vice-versa for biometricInfo - name: Generate CSR with KU and XKU openssl_csr: path: '{{ output_dir }}/csr_ku_xku.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' subject: CN: www.ansible.com keyUsage: - digitalSignature - keyAgreement extendedKeyUsage: - qcStatements - DVCS - IPSec User - biometricInfo - name: Generate CSR with KU and XKU (test idempotency) openssl_csr: path: '{{ output_dir }}/csr_ku_xku.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' subject: commonName: 'www.ansible.com' keyUsage: - digitalSignature - keyAgreement extendedKeyUsage: - ipsecUser - qcStatements - DVCS - Biometric Info register: csr_ku_xku - name: Generate CSR with old API openssl_csr: path: '{{ output_dir }}/csr_oldapi.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' commonName: www.ansible.com - name: Generate CSR with OCSP Must Staple openssl_csr: path: '{{ output_dir }}/csr_ocsp.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' subject_alt_name: "DNS:www.ansible.com" ocsp_must_staple: true - name: Generate CSR with OCSP Must Staple (test idempotency) openssl_csr: path: '{{ output_dir }}/csr_ocsp.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' subject_alt_name: "DNS:www.ansible.com" ocsp_must_staple: true register: csr_ocsp_idempotency - name: Generate ECC privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey2.pem' type: ECC curve: secp256k1 - name: Generate CSR with ECC privatekey openssl_csr: path: '{{ output_dir }}/csr2.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' subject: commonName: www.ansible.com - import_tasks: ../tests/validate.yml when: pyopenssl_version.stdout is version('0.15', '>=')