authorGuilhem Moulin <guilhem@fripost.org>2014-06-28 19:25:44 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:04 +0200
commita0b0b6de279d37641dd1eeb374e52d6fce73ab1d (patch)
treec673d5b3d3361d33b9cc878bf8af43bfc59eabff /roles/common/tasks
parent0040ab5bec158c5d316b6c0db22d9327ecc60e3a (diff)
Add support for CSR and subjectAltName in genkeypair.sh.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/ipsec.yml2
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 6b97ddb..5e0115e 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -1,27 +1,27 @@
- name: Install strongSwan
apt: pkg=strongswan-ikev2
- name: Generate a key pair for IPSec
command: genkeypair.sh --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
--privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
- -n {{ inventory_hostname }}
+ --dns {{ inventory_hostname }}
-t ecdsa -b secp521r1 -h sha512
register: r1
failed_when: r1.rc > 1
changed_when: r1.rc == 0
notify:
- Restart IPSec
- name: Fetch the public part of IPSec's host key
sudo: False
# Ensure we don't fetch private data
fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
dest=certs/ipsec/
fail_on_missing=yes
flat=yes
# Don't copy our pubkey due to a possible race condition. Only the
# remote machine has authority regarding its key.
- name: Copy IPSec host pubkeys (except ours)
copy: src=certs/ipsec/{{ item }}.pem
dest=/etc/ipsec.d/certs/{{ item }}.pem
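Review bot: In the "Generate a key pair for IPSec" task, the new `--dns {{ inventory_hostname }}` argument is passed as a separate word, while the neighbouring `--pubkey=` and `--privkey=` options use the `=` form. genkeypair.sh's option parsing is not part of this diff, so it is worth confirming the script accepts the space-separated spelling, or using the same form as the other long options if the script supports it. Going by the commit title, the value presumably ends up as a subjectAltName dNSName, so the certificate identity is now whatever the inventory calls the host; an inventory alias that differs from the name peers use could make identity matching fail on the IPsec side. A comment above the command such as `# inventory_hostname becomes the certificate's dNSName; it must be the name peers use for this host` would record that assumption. Because `failed_when: r1.rc > 1` tolerates exit status 1, hosts that already hold a key pair presumably keep their old certificate without the new name, so a re-issue step may be needed for them.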