From 02d4a5892bb3019d448c453ad279788fcd3f1531 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 15 Jun 2016 18:08:48 +0200 Subject: certs/public: fetch each cert's pubkey (SPKI), not the cert itself. To avoid new commits upon cert renewal. --- roles/MSA/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/MSA/tasks') diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index d9a3d47..7ae2680 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml @@ -28,7 +28,7 @@ # Ensure we don't fetch private data become: False # `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file` - fetch_cmd: cmd="openssl x509" + fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/postfix/ssl/smtp.fripost.org.pem dest=certs/public/smtp.fripost.org.pem tags: -- cgit v1.2.3