Generate SSL certificate

By default, the generation of the SSL certificate for the web server is disabled

poudriere_cert: false

By default, the names of the files are poudriere.key and poudriere.crt

poudriere_ssl_dir: /usr/local/etc/ssl
poudriere_ssl_private_dir: /usr/local/etc/ssl/private
poudriere_cert_key: "{{ poudriere_ssl_private_dir }}/poudriere.key"
poudriere_csr_path: "{{ poudriere_ssl_dir }}/csr/poudriere.csr"
poudriere_cert_path: "{{ poudriere_ssl_dir }}/crt/poudriere.crt"

Optionally, change the paths and names of the files, e.g.

poudriere_cert_cn: build.example.com
poudriere_cert_key: "{{ poudriere_ssl_private_dir }}/{{ poudriere_cert_cn }}.key"
poudriere_cert_csr: "{{ poudriere_ssl_dir }}/csr/{{ poudriere_cert_cn }}.csr"
poudriere_cert_path: "{{ poudriere_ssl_dir }}/certs/{{ poudriere_cert_cn }}.crt"

Optionally enable and generate the SSL certificate

shell> ansible-playbook pb.yml -t poudriere_cert -e poudriere_cert=true

Review the created files, ownership, and the permissions

shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|   `-- build.example.com.crt
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
|   `-- build.example.com.csr
`-- private
    |-- build.example.com-sk.key
    `-- build.example.com.key
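One way to script the permission part of this review, as an added example that is not part of the role. It assumes that private keys and the private directory should carry no group or other permission bits (adjust if your web server reads the key through a group); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit key permissions under poudriere_ssl_private_dir.
# Assumption: keys and the directory should be accessible by the owner only.
# Uses POSIX find(1) -perm tests only, so it runs on FreeBSD and Linux.

# Print paths selected by the given find arguments that have any
# group/other read, write or execute bit set.
_loose() {
    find "$@" \( -perm -040 -o -perm -020 -o -perm -010 -o \
                 -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Key files below directory $1 that group or others can access.
loose_keys() { _loose "$1" -type f -name '*.key'; }

# Prints $1 if the directory itself is open to group or others.
loose_dir() { _loose "$1" -prune -type d; }

# Returns 0 if clean, 1 on findings, 2 if the directory is missing.
audit_private_dir() {
    dir=${1:-/usr/local/etc/ssl/private}
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi
    rc=0
    if [ -n "$(loose_dir "$dir")" ]; then
        echo "WARN: $dir is accessible by group or others"
        rc=1
    fi
    bad=$(loose_keys "$dir")
    if [ -n "$bad" ]; then
        echo "WARN: key files with group/other permission bits:"
        echo "$bad"
        rc=1
    fi
    return $rc
}

# Usage: audit_private_dir /usr/local/etc/ssl/private
```

Run it as a user that can read the private directory, otherwise find cannot list the key files.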

See also