From 7e5a76e7996ebcba36536c8fecd31a95280f3417 Mon Sep 17 00:00:00 2001
From: B Stack
Date: Wed, 6 Dec 2017 06:51:36 -0500
Subject: Initial commit

---
 tasks/1_certreq.yml | 41 +++++++++++++++++++++++++++++++++++++++++
 tasks/2_generate_pfx.yml | 29 +++++++++++++++++++++++++++++
 tasks/main.yml | 9 +++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 tasks/1_certreq.yml
 create mode 100644 tasks/2_generate_pfx.yml
 create mode 100644 tasks/main.yml
(limited to 'tasks')

diff --git a/tasks/1_certreq.yml b/tasks/1_certreq.yml
new file mode 100644
index 0000000..e4f06d7
--- /dev/null
+++ b/tasks/1_certreq.yml
@@ -0,0 +1,41 @@
+---
+# Reference: Use template name, not "template display name" https://social.technet.microsoft.com/Forums/en-US/d5cafc77-3376-43ca-94fd-6b07f7cb193f/using-certutilcertreq-to-get-sccm-client-certs-nondomain-clients?forum=configmgrgeneral
+
+## read in custom variable, based on domain of the host
+- name: read which CA to work with
+  include_vars: "{{ item }}"
+  with_first_found:
+    - '{{ ansible_dns.search[0] }}.yml'
+    - 'prod1.yml'
+  no_log: true
+
+- name: deploy dependencies
+  copy:
+    src: "{{ item.f }}"
+    dest: "/tmp/{{ item.f }}"
+    mode: "{{ item.m }}"
+    owner: root
+    group: root
+  with_items:
+    - { f: 'framework.sh', m: '0755' }
+    - { f: 'certreq.conf', m: '0644' }
+  changed_when: false
+
+- name: request certificate
+  script: certreq.sh -c /tmp/certreq.conf -u "{{ ca_user }}" -p "{{ ca_pass }}" -t "{{ ca_template }}" --ca "{{ ca_host }}"
+  register: certreq
+
+- debug:
+    msg: "{{ certreq }}"
+
+#- pause:
+#  prompt: 'DOES THE ABOVE LOOK OK?...................'
+
+- name: cleanup
+  file:
+    path: "/tmp/{{ item.f }}"
+    state: absent
+  with_items:
+    - { f: 'framework.sh', m: '0755' }
+    - { f: 'certreq.conf', m: '0644' }
+  changed_when: false
diff --git a/tasks/2_generate_pfx.yml b/tasks/2_generate_pfx.yml
new file mode 100644
index 0000000..ec45282
--- /dev/null
+++ b/tasks/2_generate_pfx.yml
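Review bot: The `request certificate` task passes `ca_pass` as a command-line argument, so the CA password is visible in the process list on the managed host while certreq.sh runs and, because the task has no `no_log`, it is also written into Ansible's output and logs as part of the invocation; the following `debug` task then prints the whole registered result, which carries that command line again. The `include_vars` task sets `no_log: true` to keep these values out of the log, but the protection is undone two tasks later. Add `no_log: true` to the script task, drop the `debug` task or reduce it to `msg: "{{ certreq.stdout_lines }}"`, and, if certreq.sh can read the password from its environment, hand it over with `environment:` rather than `-p`. The dependency files are also written to fixed names under `/tmp`, a directory shared with every local user; the `mode` is set, but a per-run directory from the `tempfile` module would avoid the predictable path.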
@@ -0,0 +1,29 @@
+---
+# Reference: https://bgstack15.wordpress.com/2016/06/30/manipulating-ssl-certificates/
+
+- name: save private key file as variable
+  shell: warn=no echo "{{ certreq.stdout }}" | awk '/^key:/{print $2;}'
+  register: privatekey
+  failed_when: privatekey.stdout_lines | length != 1
+  changed_when: false
+# privatekey.stdout
+
+- name: save public key file as variable
+  shell: warn=no echo "{{ certreq.stdout }}" | awk '/^certificate:/{print $2;}'
+  register: publickey
+  failed_when: publickey.stdout_lines | length != 1
+  changed_when: false
+# publickey.stdout
+
+- name: save cert chain file as variable
+  shell: warn=no echo "{{ certreq.stdout }}" | awk '/^chain:/{print $2;}'
+  register: chain
+  failed_when: chain.stdout_lines | length != 1
+  changed_when: false
+# chain.stdout
+
+- name: generate pkcs12 file
+  shell: warn=no openssl pkcs12 -export -in "{{ publickey.stdout }}" -inkey "{{ privatekey.stdout }}" -out /tmp/certnew.pfx -CAfile "{{ chain.stdout }}" -certfile "{{ chain.stdout }}" -passin pass:'' -passout pass:''
+  register: pfx
+
+...
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..36de385
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- block:
+    #- ping:
+    - include_tasks: 1_certreq.yml
+    - include_tasks: 2_generate_pfx.yml
+  become: yes
+  become_user: root
+  become_method: sudo
+...
-- cgit
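Review bot: The `generate pkcs12 file` task writes the private key to `/tmp/certnew.pfx` with an empty export password (`-passout pass:''`) and no control over the file mode, so the key material ends up at a predictable path in a world-shared directory with whatever permissions the default umask yields. Prefix the command with a restrictive umask, `shell: warn=no umask 077 && openssl pkcs12 -export ...`, or fix the mode afterwards with a `file` task, and give this task a `changed_when` like its siblings. The three `echo "{{ certreq.stdout }}" | awk` tasks push the previous task's output back through a shell, where any shell metacharacters in that output are interpreted; the same values can be picked out without a shell via `set_fact` with `certreq.stdout_lines | select('match', '^key:')` and a `regex_replace`. The key, certificate and chain paths are whatever certreq.sh printed, and nothing here checks that they are regular files before they are fed to openssl.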
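Review bot: `become: yes` on the block is a YAML 1.1 truthy spelling; write `become: true`, which is what ansible-lint and yamllint's `truthy` rule expect. The block has no `always:` section, so if a task inside `1_certreq.yml` or `2_generate_pfx.yml` fails, the `cleanup` task at the end of `1_certreq.yml` in this same commit never runs and the copied `certreq.conf` and any generated `.pfx` are left behind under `/tmp`; moving that removal into an `always:` list under this block would make it unconditional. `become_method: sudo` is Ansible's default and can be dropped unless the project pins it deliberately.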