seanho00
commented
6 years ago If we want the keys to be completely managed by ansible for both client and server, follow the burp docs on SSL certs. Store all certs on the ansible server (like for tinc) and push to client/server. Then disable auto-generation of certs on both client and server. The CA signing authority lives only on the ansible server, not on the backup server.
This solution obviates #7.
Imported from https://github.com/ho-ansible/ansible/issues/21