pfsensible / core

Core modules for managing pfSense firewalls with ansible
GNU General Public License v3.0

Is it possible to add a key to the Certificate Authority? #57

Open DeepZeepOk opened 1 year ago

DeepZeepOk commented 1 year ago

If not, is there any plan to add this feature?

opoplawski commented 1 year ago

I don't have a need for it so it's not high on my priority list. PRs are welcome though.

opoplawski commented 9 months ago

Are you looking for the equivalent of the "create internal CA" web configuration, or something different?

OtterHacker commented 3 months ago

If this is related to the possibility of importing a CA with a private key, it can be implemented simply. In _validate_params:

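# Requires "import base64" and "import re" at the top of the module.
if params['key'] is not None:
    ca_key = params['key']
    lines = ca_key.splitlines()
    # PEM text is stored base64-encoded; an already-encoded key is left as-is.
    if lines and lines[0] == '-----BEGIN PRIVATE KEY-----' and lines[-1] == '-----END PRIVATE KEY-----':
        params['key'] = base64.b64encode(ca_key.encode()).decode()
    # 'LS0t...' is the base64 encoding of '-----BEGIN PRIVATE KEY-----'.
    elif not re.match('LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t', ca_key):
        # Do not echo the key itself into the task output.
        self.module.fail_json(msg='Could not recognize CA key format')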

And in _params_to_obj:

# Store the base64-encoded key on the CA object as 'prv'.
if 'key' in params and params['key'] is not None:
    obj['prv'] = params['key']
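
An added example, not part of the comments above or of the pfsensible code: a standalone version of the key check sketched in the last comment, extended beyond the thread to RSA and EC PEM labels, line-wrapped base64 input, and an error message that never contains the key. The name `normalize_ca_key` and the sample key are constructed for illustration.

```python
import base64
import re

# PEM armor for a PKCS#8, RSA or EC private key; BEGIN and END labels must agree.
_PEM_KEY = re.compile(
    r'\A-----BEGIN ((?:RSA |EC )?PRIVATE KEY)-----\r?\n'
    r'(?:[A-Za-z0-9+/=]+\r?\n)+'
    r'-----END \1-----\Z'
)

# Constructed sample: the body is not key material.
SAMPLE_BODY = base64.b64encode(b'constructed sample, not a real key').decode()
SAMPLE_PEM = ('-----BEGIN PRIVATE KEY-----\n' + SAMPLE_BODY +
              '\n-----END PRIVATE KEY-----\n')


def normalize_ca_key(value):
    """Return the key as base64-encoded PEM, the form the thread stores in 'prv'.

    Accepts PEM text or PEM that is already base64-encoded. Raises ValueError
    with a message that never includes the supplied value.
    """
    if not isinstance(value, str) or not value.strip():
        raise ValueError('CA key is empty')
    pem = value.strip()
    if not _PEM_KEY.match(pem):
        try:
            # Tolerate line-wrapped base64 by removing all whitespace first.
            raw = base64.b64decode(''.join(value.split()), validate=True)
            pem = raw.decode('ascii').strip()
        except ValueError:  # binascii.Error and UnicodeDecodeError derive from it
            pem = ''
        if not _PEM_KEY.match(pem):
            raise ValueError('Could not recognize CA key format '
                             '(%d characters supplied)' % len(value))
    return base64.b64encode((pem + '\n').encode('ascii')).decode('ascii')


if __name__ == '__main__':
    encoded = normalize_ca_key(SAMPLE_PEM)
    # Already-encoded input comes back unchanged.
    print(encoded == normalize_ca_key(encoded))
```

In an Ansible module the option would normally also be declared with `no_log=True` in the argument spec so the value is masked in task output.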