From 3ff1e540bf170acabd9d5580b4d10acab543acda Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Fri, 12 Sep 2014 20:59:39 +0200
Subject: Key usage 'keyCertSign' is required for self-signed certificates.
---
roles/common-LDAP/tasks/main.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'roles/common-LDAP')
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index e86fa45..60ccc76 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -43,7 +43,7 @@
 --pubkey=/etc/ldap/ssl/{{ item.name }}.pem --privkey=/etc/ldap/ssl/{{ item.name }}.key --ou=LDAP {{ item.ou }} --cn={{ item.name }}
- --usage=digitalSignature,keyEncipherment
+ --usage=digitalSignature,keyEncipherment,keyCertSign
 -t rsa -b 4096 -h sha256 --chown="root:openldap" --chmod=0640 register: r2
--
cgit v1.2.3
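Review bot: Adding `keyCertSign` to `--usage` marks the slapd key as able to sign certificates, and the unchanged `--chown="root:openldap" --chmod=0640` option leaves that key readable by the openldap group. RFC 5280 allows keyCertSign only together with basicConstraints CA:TRUE, so if genkeypair.sh (not shown in this hunk) sets that, a client that installs this self-signed certificate as a trust anchor would presumably also accept other certificates issued with the slapd key. It would be safer for clients to pin this exact certificate rather than trust it as a CA, and worth confirming what basicConstraints the script emits. I would also add a comment above the option, e.g. `# keyCertSign: a self-signed cert is its own issuer, so verifiers require this bit`, so the bit is not later removed as out of place on a server certificate. The command this option belongs to starts above the hunk.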