-rw-r--r--tasks/1_certreq.yml41
-rw-r--r--tasks/2_generate_pfx.yml29
-rw-r--r--tasks/main.yml9
3 files changed, 79 insertions, 0 deletions
diff --git a/tasks/1_certreq.yml b/tasks/1_certreq.yml
new file mode 100644
index 0000000..e4f06d7
--- /dev/null
+++ b/tasks/1_certreq.yml
@@ -0,0 +1,41 @@
+---
+# Reference: Use template name, not "template display name" https://social.technet.microsoft.com/Forums/en-US/d5cafc77-3376-43ca-94fd-6b07f7cb193f/using-certutilcertreq-to-get-sccm-client-certs-nondomain-clients?forum=configmgrgeneral
+
+## read in custom variable, based on domain of the host
+- name: read which CA to work with
+ include_vars: "{{ item }}"
+ with_first_found:
+ - '{{ ansible_dns.search[0] }}.yml'
+ - 'prod1.yml'
+ no_log: true
+
+- name: deploy dependencies
+ copy:
+ src: "{{ item.f }}"
+ dest: "/tmp/{{ item.f }}"
+ mode: "{{ item.m }}"
+ owner: root
+ group: root
+ with_items:
+ - { f: 'framework.sh', m: '0755' }
+ - { f: 'certreq.conf', m: '0644' }
+ changed_when: false
+
+- name: request certificate
+ script: certreq.sh -c /tmp/certreq.conf -u "{{ ca_user }}" -p "{{ ca_pass }}" -t "{{ ca_template }}" --ca "{{ ca_host }}"
+ register: certreq
+
+- debug:
+ msg: "{{ certreq }}"
+
+#- pause:
+# prompt: 'DOES THE ABOVE LOOK OK?...................'
+
+- name: cleanup
+ file:
+ path: "/tmp/{{ item.f }}"
+ state: absent
+ with_items:
+ - { f: 'framework.sh', m: '0755' }
+ - { f: 'certreq.conf', m: '0644' }
+ changed_when: false
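Review bot: The CA password leaks into the play output on the `request certificate` task: `-p "{{ ca_pass }}"` puts it on the command line, and the following `debug: msg: "{{ certreq }}"` prints the whole registered result, whose `cmd` field carries that command line, which undoes the `no_log: true` set on the `include_vars` task. Add `no_log: true` to the `script:` task and either drop the debug task or limit it to `msg: "{{ certreq.stdout_lines }}"` behind a `when: certreq_debug | default(false)` guard. The request task is not wrapped in an `always:`, so when it fails the `cleanup` task never runs and `/tmp/certreq.conf` stays on the host. The `m:` entries in the cleanup `with_items` are unused by the `file:` module and can be dropped.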
diff --git a/tasks/2_generate_pfx.yml b/tasks/2_generate_pfx.yml
new file mode 100644
index 0000000..ec45282
--- /dev/null
+++ b/tasks/2_generate_pfx.yml
@@ -0,0 +1,29 @@
+---
+# Reference: https://bgstack15.wordpress.com/2016/06/30/manipulating-ssl-certificates/
+
+- name: save private key file as variable
+ shell: warn=no echo "{{ certreq.stdout }}" | awk '/^key:/{print $2;}'
+ register: privatekey
+ failed_when: privatekey.stdout_lines | length != 1
+ changed_when: false
+# privatekey.stdout
+
+- name: save public key file as variable
+ shell: warn=no echo "{{ certreq.stdout }}" | awk '/^certificate:/{print $2;}'
+ register: publickey
+ failed_when: publickey.stdout_lines | length != 1
+ changed_when: false
+# publickey.stdout
+
+- name: save cert chain file as variable
+ shell: warn=no echo "{{ certreq.stdout }}" | awk '/^chain:/{print $2;}'
+ register: chain
+ failed_when: chain.stdout_lines | length != 1
+ changed_when: false
+# chain.stdout
+
+- name: generate pkcs12 file
+ shell: warn=no openssl pkcs12 -export -in "{{ publickey.stdout }}" -inkey "{{ privatekey.stdout }}" -out /tmp/certnew.pfx -CAfile "{{ chain.stdout }}" -certfile "{{ chain.stdout }}" -passin pass:'' -passout pass:''
+ register: pfx
+
+...
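Review bot: The `generate pkcs12 file` task writes the private key into the predictable shared path `/tmp/certnew.pfx` with an empty export password (`-passout pass:''`) and leaves the file at whatever mode the default umask yields; prefix the command with `umask 077;` or follow it with a `file:` task setting `mode: "0600"` and `owner: root`, and give the task `no_log: true` because `register: pfx` captures the full command. The three `shell: warn=no echo "{{ certreq.stdout }}" | awk ...` tasks re-parse the script's output through the shell, so any quote, backtick or `$` in it alters the command; the same values can be extracted without a shell via `set_fact` with `certreq.stdout | regex_search('^key: (\\S+)', '\\1', multiline=True)` and a `failed_when` on an empty result. The inline `warn=no` is the legacy key=value free-form syntax; the block-YAML form `args: {warn: false}` is the Ansible convention.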
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..36de385
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- block:
+ #- ping:
+ - include_tasks: 1_certreq.yml
+ - include_tasks: 2_generate_pfx.yml
+ become: yes
+ become_user: root
+ become_method: sudo
+...
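Review bot: `become: yes` is the YAML 1.1 truthy spelling; write `become: true`, which is what yamllint's `truthy` rule and the Ansible style guide expect. The block has no `rescue:`/`always:` section, so a failure of the request task in `1_certreq.yml` leaves the files it staged in `/tmp` with nothing removing them; moving the cleanup into an `always:` here would close that gap. `become_method: sudo` is the default and can be omitted, and the commented-out `#- ping:` line is a leftover.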