From 3ff1e540bf170acabd9d5580b4d10acab543acda Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Fri, 12 Sep 2014 20:59:39 +0200
Subject: Key usage 'keyCertSign' is required for self-signed certificates.

---
 roles/common-LDAP/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/common-LDAP')

diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index e86fa45..60ccc76 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -43,7 +43,7 @@
                          --pubkey=/etc/ldap/ssl/{{ item.name }}.pem
                          --privkey=/etc/ldap/ssl/{{ item.name }}.key
                          --ou=LDAP {{ item.ou }} --cn={{ item.name }}
-                         --usage=digitalSignature,keyEncipherment
+                         --usage=digitalSignature,keyEncipherment,keyCertSign
                          -t rsa -b 4096 -h sha256
                          --chown="root:openldap" --chmod=0640
   register: r2
-- 
cgit v1.2.3