Add support for CSR and subjectAltName in genkeypair.sh.

author: Guilhem Moulin <guilhem@fripost.org> 2014-06-28 19:25:44 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:52:04 +0200
commit: a0b0b6de279d37641dd1eeb374e52d6fce73ab1d (patch)
tree: c673d5b3d3361d33b9cc878bf8af43bfc59eabff /roles/common/tasks/ipsec.yml
parent: 0040ab5bec158c5d316b6c0db22d9327ecc60e3a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 6b97ddb..5e0115e 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -1,27 +1,27 @@
 - name: Install strongSwan
   apt: pkg=strongswan-ikev2
 
 - name: Generate a key pair for IPSec
   command: genkeypair.sh --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
                          --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
-                         -n {{ inventory_hostname }}
+                         --dns {{ inventory_hostname }}
                          -t ecdsa -b secp521r1 -h sha512
   register: r1
   failed_when: r1.rc > 1
   changed_when: r1.rc == 0
   notify:
     - Restart IPSec
 
 - name: Fetch the public part of IPSec's host key
   sudo: False
   # Ensure we don't fetch private data
   fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
          dest=certs/ipsec/
          fail_on_missing=yes
          flat=yes
 
 # Don't copy our pubkey due to a possible race condition.  Only the
 # remote machine has authority regarding its key.
 - name: Copy IPSec host pubkeys (except ours)
   copy: src=certs/ipsec/{{ item }}.pem
         dest=/etc/ipsec.d/certs/{{ item }}.pem
author	Guilhem Moulin <guilhem@fripost.org>	2014-06-28 19:25:44 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:52:04 +0200
commit	a0b0b6de279d37641dd1eeb374e52d6fce73ab1d (patch)
tree	c673d5b3d3361d33b9cc878bf8af43bfc59eabff /roles/common/tasks/ipsec.yml
parent	0040ab5bec158c5d316b6c0db22d9327ecc60e3a (diff)