Closed bschonec closed 1 year ago
Hi,
That works already, as in this example:
...
certs::sites:
  'example.com':
    service: false
    dhparam: true
    dhparam_content: "%{hiera('example_dh_2048')}"
    dhparam_file: 'dh_2048.pem'
    dhparam_dir: '/etc/ssl/private'
    ca_name: "digicert_sha256_2020_ca1"
    ca_cert: true
    ca_content: "%{hiera('digicert_tls_rsa_sha256_2020_ca1')}"
    cert_chain: true
    chain_path: '/etc/ssl/private'
    chain_name: "example_chain"
    chain_content: "%{hiera('wildcard_example_cert')}%{hiera('digicert_tls_rsa_sha256_2020_ca1')}"
    cert_content: "%{hiera('wildcard_example_cert')}"
    cert_mode: '0640'
    group: 'ssl-cert'
    key_content: "%{hiera('wildcard_example_key')}"
    key_mode: '0640'
...
wildcard_example_cert: |
  -----BEGIN CERTIFICATE-----
  MIIGuTCCBaGgAwIBAgIQD4uhXDRfP7w9hohPiDC1bzANBgkqhkiG9w0BAQsFADBP
  MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
  ...
  -----END CERTIFICATE-----
#!
...
wildcard_example_key: DEC(155)::GPG[-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAw3bX1F8SiKkV+FAppFSrBHnq8lhGZcFTe5cmCjKzBl5TcCAx
...
Same for key / certs / dh ...
cu denny
Thank you for the information. I have created both public and private certs using your help.
It would be nice to be able to create the public and private cert/key files via a definition in Hiera. The public key can be defined in clear text and the private key could be defined via eyaml encryption.
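The thread keeps the certificate in clear text and leaves the private key to eyaml. As an added example (not code from the module or from either poster), this Python check scans Hiera data before it is committed and reports every top-level key whose private key material is not wrapped in an eyaml `ENC[...]` value. The sample data and the key names `leaked_key` and `edit_mode_key` are constructed, and the line-based scan assumes top-level keys start in column 0.

```python
import re

# Top-level Hiera key starting in column 0, e.g. "wildcard_example_key:"
KEY_RE = re.compile(r"^([A-Za-z0-9_:.'\"-]+):")
# Unencrypted PEM private key header (RSA, EC, PKCS#8, ...)
PEM_PRIVATE_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# eyaml edit-mode marker: the value shown is decrypted plaintext
DEC_RE = re.compile(r"DEC(?:\(\d+\))?::[A-Z0-9]+\[")
# eyaml encrypted value, e.g. ENC[PKCS7,...] or ENC[GPG,...]
ENC_RE = re.compile(r"ENC\[[A-Z0-9]+,")

# Constructed sample data: no real key or certificate material.
SAMPLE = """\
wildcard_example_cert: |
  -----BEGIN CERTIFICATE-----
  (constructed placeholder)
  -----END CERTIFICATE-----
wildcard_example_key: ENC[PKCS7,Q09OU1RSVUNURUQ=]
leaked_key: |
  -----BEGIN RSA PRIVATE KEY-----
  (constructed placeholder)
  -----END RSA PRIVATE KEY-----
edit_mode_key: DEC(155)::GPG[-----BEGIN RSA PRIVATE KEY-----
  (constructed placeholder)
  -----END RSA PRIVATE KEY-----]!
"""

def audit_hiera(text):
    """Return {top_level_key: status} for keys that hold secret material."""
    findings, key = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        if key is None:
            continue
        if DEC_RE.search(line):
            # Edit-mode text saved as-is: the secret is stored in the clear.
            findings[key] = "plaintext (eyaml DEC block)"
        elif PEM_PRIVATE_RE.search(line) and key not in findings:
            findings[key] = "plaintext (raw PEM private key)"
        elif ENC_RE.search(line) and key not in findings:
            findings[key] = "encrypted"
    return findings

def plaintext_keys(text):
    """Sorted list of keys that would expose a private key if committed."""
    return sorted(k for k, v in audit_hiera(text).items() if v.startswith("plaintext"))

if __name__ == "__main__":
    for key, status in audit_hiera(SAMPLE).items():
        print(f"{key}: {status}")
```

A non-empty result from `plaintext_keys()` is a reasonable condition for failing a pre-commit hook or CI job on the Hiera data repository.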