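---
# Creates a self-signed CA (stageCA.*) under {{ certs_path }} and uses it to
# sign a certificate for stage-ge.org.
# Reference: https://milliams.com/posts/2020/ansible-certificate-authority/

# NOTE(review): this directory ends up holding the CA private key and no mode
# is set on it - confirm the resulting permissions are what you want.
- name: create certs folder
  file:
    path: "{{ certs_path }}"
    state: directory

- name: create CA key
  openssl_privatekey:
    path: "{{ certs_path }}/stageCA.key"
    # Owner-only access, stated explicitly for the CA signing key.
    mode: "0600"
  register: ca_key

- name: create the CA csr
  openssl_csr:
    path: "{{ certs_path }}/stageCA.csr"
    privatekey_path: "{{ ca_key.filename }}"
    common_name: "my-ca"
    # Mark the certificate as a CA. Without basicConstraints CA:TRUE, strict
    # verifiers refuse to accept it as the issuer of another certificate.
    basic_constraints:
      - "CA:TRUE"
    basic_constraints_critical: true
    # Limit the CA key to signing certificates.
    key_usage:
      - keyCertSign
    key_usage_critical: true
  register: ca_csr

- name: sign the CA csr
  openssl_certificate:
    path: "{{ certs_path }}/stageCA.crt"
    csr_path: "{{ ca_csr.filename }}"
    privatekey_path: "{{ ca_key.filename }}"
    provider: selfsigned
  register: ca_crt

# Uses command/argv instead of a shell string so the templated path is passed
# as a single argument and is never interpreted by a shell.
# -nodes writes the key unencrypted, so file permissions are its only
# protection. -days is not passed here: it only applies with -x509, and the
# validity period is set when the CSR is signed in the next task.
# NOTE(review): the subject is empty ("/"); the names presumably come from
# ./files/certs/ca-config or the extfile used below - confirm.
# NOTE(review): this runs on every play and overwrites the key and CSR, while
# changed_when: false reports the task as unchanged.
- name: create key and csr
  command:
    argv:
      - openssl
      - req
      - -newkey
      - rsa:2048
      - -nodes
      - -keyout
      - "{{ certs_path }}/stage-ge.org.key"
      - -out
      - "{{ certs_path }}/stage-ge.org.csr"
      - -config
      - ./files/certs/ca-config
      - -subj
      - "/"
  changed_when: false

# Signs the CSR with the stageCA key for 365 days; extensions are read from
# ./files/certs/wilcard.cnf. Like the task above, it re-issues the certificate
# on every run and reports no change.
- name: create wilcard cert
  command:
    argv:
      - openssl
      - x509
      - -req
      - -in
      - "{{ certs_path }}/stage-ge.org.csr"
      - -CA
      - "{{ certs_path }}/stageCA.crt"
      - -CAkey
      - "{{ certs_path }}/stageCA.key"
      - -CAcreateserial
      - -extfile
      - ./files/certs/wilcard.cnf
      - -out
      - "{{ certs_path }}/stage-ge.org.crt"
      - -days
      - "365"
      - -sha256
  changed_when: false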