From 4cc8fe0a22e3fadfa3a5316e86ae9f1ce98e26cf Mon Sep 17 00:00:00 2001
From: Christoph Haas
Date: Sun, 4 Oct 2015 14:04:35 +0200
Subject: [PATCH] Restrict access permissions of the private key
---
 roles/ispmail-certificate/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/ispmail-certificate/tasks/main.yml b/roles/ispmail-certificate/tasks/main.yml
index df196e5..ae05a88 100644
--- a/roles/ispmail-certificate/tasks/main.yml
+++ b/roles/ispmail-certificate/tasks/main.yml
@@ -1,4 +1,6 @@
 ---
 - name: Create a self-signed certificate
 shell: openssl req -new -x509 -days 3650 -subj "/C=DE/ST=Hamburg/L=Hamburg/O=IT/CN={{ansible_fqdn}}" -nodes -sha256 -newkey rsa:4096 -out /etc/ssl/certs/mailserver.pem -keyout /etc/ssl/private/mailserver.pem -extensions v3_ca creates=/etc/ssl/certs/mailserver.pem
+- name: Restrict access permissions of the private key
+ file: path=/etc/ssl/private/mailserver.pem mode=0640
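Review bot: The added `file` task sets `mode=0640` but leaves owner and group unspecified, so group read on /etc/ssl/private/mailserver.pem goes to whatever group the key happened to be created with. Pin them, e.g. `file: path=/etc/ssl/private/mailserver.pem owner=root group=root mode=0600`, or name the service group explicitly if a non-root daemon really has to read the key. The restriction is also applied only after the `shell` task has written the key, so the file briefly exists with whatever permissions openssl and the current umask gave it; starting that command with `umask 077 &&` would close the window. Because `creates=` guards the certificate rather than the key, a host where the certificate exists but the key is missing will presumably fail at this task instead of regenerating the pair.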