crypto: Add new module openssl_csr

[Spredzy]

ISSUE TYPE

• New Module Pull Request

COMPONENT NAME

• openssl_csr

ANSIBLE VERSION

ansible 2.3.0 (openssl_csr 13dda2c2c3) last updated 2017/02/03 12:49:27 (GMT +200)
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

SUMMARY

This module aims to allow a user to manage the lifecycle of SSL Certificate Signing Requests (CSR). Internally it relies on the pyOpenSSL python library to interact with openssl. It supports the SAN extention.

This module is best used with the openssl_privatekey module introduced in ansible/ansible-modules-extras#2326

A simple use case would be :

- openssl_csr:
    commonName: www.ansible.com
    path: /etc/ssl/csr
    privatekey_path: /etc/ssl/private/ansible.com.pem

A user can specify CSR specific subject fields:

- openssl_csr:
    commonName: www.ansible.com
    path: /etc/ssl/csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    countryName: FR
    organizationName: Ansible
    emailAddress: jdoe@ansible.com

A user can specify subjectAltName (SAN) extention names:

- openssl_csr:
    commonName: www.ansible.com
    path: /etc/ssl/csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    subjectAltName: 'DNS:www.ansible.com,DNS:m.ansible.com'

A use can also force the regeneration of the CSR:

- openssl_csr:
    commonName: www.ansible.com
    path: /etc/ssl/csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    force: True

[Spredzy]

cc @mscherer @WhileLoop

[mscherer]

shipit

[lungati]

What's the status on this? Is it available now?

[mscherer]

Ok so merging since there is a specific process and not using the bot for now. We did review that extensively in the past, so I assume that's good.