Documentation

v2.18
latest v2.19 v2.18 v2.17 v2.16 v2.15 v2.14 v2.12 v2.11 v2.10 v2.9 v2.8 v2.7 v2.6 v2.5 v2.4 v2.3 v2.2 v2.1 v2.0 v1.10 v1.9 v1.8 v1.7 v1.6 v1.5 v1.4 v1.3 v1.2 v1.1 v1.0
    Edit on GitHub

    PLEASE NOTE: This document applies to v2.18 version and not to the latest stable release v2.19

    Documentation for other releases can be found by using the version selector in the top right of any doc page.

    openssl_certificate

    Generate and manage SSL/TLS certificates.

    Attributes

    check_mode:
  support: full

    Parameters

    Parameter Required Type Values Description
    common_name true string   Common Name (CN) for the certificate.
    force   boolean   Whether to force regeneration even if certificate exists. [default: false]
    group   string   Group of the certificate file (name, not GID).
    mode   string   Permissions of the certificate file.
    owner   string   Owner of the certificate file (name, not UID).
    path true string   Absolute path to the certificate file.
    privatekey_path true string   Path to the private key file.
    provider   string selfsigned Name of the provider to use. [default: "selfsigned"]
    valid_in   integer   Number of days the certificate is valid. [default: 365]

    Examples

    - name: Generate self-signed certificate
  openssl_certificate:
    path: /etc/ssl/certs/server.crt
    privatekey_path: /etc/ssl/private/server.key
    common_name: example.com
    provider: selfsigned
    valid_in: 365

- name: Generate self-signed certificate with custom settings
  openssl_certificate:
    path: /etc/ssl/certs/server.crt
    privatekey_path: /etc/ssl/private/server.key
    common_name: example.com
    provider: selfsigned
    valid_in: 365
    mode: "0644"