Restrict access permissions of the private key

10 年之前 · 4cc8fe0a22
--- a/roles/ispmail-certificate/tasks/main.yml
+++ b/roles/ispmail-certificate/tasks/main.yml
@@ -1,4 +1,6 @@
 ---
 - name: Create a self-signed certificate
  shell: openssl req -new -x509 -days 3650 -subj "/C=DE/ST=Hamburg/L=Hamburg/O=IT/CN={{ansible_fqdn}}" -nodes -sha256 -newkey rsa:4096 -out /etc/ssl/certs/mailserver.pem -keyout /etc/ssl/private/mailserver.pem -extensions v3_ca creates=/etc/ssl/certs/mailserver.pem
 - name: Restrict access permissions of the private key
  file: path=/etc/ssl/private/mailserver.pem mode=0640