HenryGP / om_ansible

Minimalistic, disposable Ops Manager environment with Ansible

X.509 certificates in `/certs/` directory of n1, n2, n3 do not contain O / OU / DC attributes #81

Closed Airgunster closed 3 years ago

Airgunster commented 3 years ago

This is required for MongoDB Server when you run it with clusterAuthMode: x509:

The Distinguished Name (DN), found in the member certificate’s subject, must specify a non-empty value for at least one of the following attributes: Organization (O), the Organizational Unit (OU) or the Domain Component (DC).

emisca commented 3 years ago
$ git diff tasks/ssl-creation.yaml
diff --git a/tasks/ssl-creation.yaml b/tasks/ssl-creation.yaml
index 1fca369..a08b987 100644
--- a/tasks/ssl-creation.yaml
+++ b/tasks/ssl-creation.yaml
@@ -15,7 +15,9 @@
   openssl_csr:
     path: /root/files/ssl/{{ item }}_client.csr
     privatekey_path: /root/files/ssl/{{ item }}.key
-    common_name: "{{ item }}"
+    common_name: "{{ item }}-clientcert"
+    organization_name: omansible
+    organizational_unit_name: clients
     subject_alt_name: "DNS:{{ item }},DNS:{{ item }}.omansible.int"
     extended_key_usage: clientAuth
   with_items:
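Review bot: The `common_name` change from `"{{ item }}"` to `"{{ item }}-clientcert"` goes beyond what #81 asks for (adding O/OU/DC) and alters the whole subject DN, which is the string MongoDB uses as the x.509 client user name; any user previously created from the old DN will no longer match, so either keep the CN as it was or call the rename out explicitly in the commit message. The unchanged `subject_alt_name: "DNS:{{ item }},..."` line is fine for a client certificate, but note that the CN no longer equals the host name after this change.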
@@ -39,6 +41,8 @@
     path: /root/files/ssl/{{ item }}_server.csr
     privatekey_path: /root/files/ssl/{{ item }}.key
     common_name: "{{ item }}"
+    organization_name: omansible
+    organizational_unit_name: servers
     subject_alt_name: "DNS:{{ item }},DNS:{{ item }}.omansible.int"
     extended_key_usage: serverAuth
   with_items:
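Review bot: `organization_name: omansible` is now hard-coded, identically, in three separate tasks; pulling it into a single play variable would keep the O attribute guaranteed-consistent across client, server and internal certificates, since MongoDB requires member certificates to share their O/OU/DC values and a typo in one task would silently break cluster membership. With O identical everywhere, the OU (`servers` here) is the only attribute that distinguishes the three certificate classes, so a one-line comment above each task stating that intent would help the next reader.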
@@ -55,6 +59,8 @@
     path: /root/files/ssl/{{ item }}_internal.csr
     privatekey_path: /root/files/ssl/{{ item }}.key
     common_name: "{{ item }}"
+    organization_name: omansible
+    organizational_unit_name: internal
     subject_alt_name: "DNS:{{ item }},DNS:{{ item }}.omansible.int"
     extended_key_usage:
       - serverAuth
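Review bot: This is the hunk that actually addresses #81, assuming the `_internal` certificates are the ones presented under `clusterAuthMode: x509`: `organizational_unit_name: internal` is the same for every `item`, which satisfies the requirement quoted in the issue (a non-empty O, OU or DC, matching across members). What is missing is a verification step: after regeneration, `openssl x509 -in <cert> -noout -subject` on n1, n2 and n3 should show `O = omansible, OU = internal`, and the `OU = clients` certificates from the first hunk must stay distinct, because MongoDB treats a client certificate whose O/OU/DC match the member certificates as a cluster member. Consider adding that check as a task or to the README.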

This patch fixes this.