{"id":62,"date":"2021-07-05T17:58:40","date_gmt":"2021-07-05T17:58:40","guid":{"rendered":"https:\/\/elevenguard.com\/blog\/?p=62"},"modified":"2021-07-14T10:49:12","modified_gmt":"2021-07-14T10:49:12","slug":"ansible-openssl","status":"publish","type":"post","link":"https:\/\/elevenguard.com\/blog\/ansible-openssl\/","title":{"rendered":"Setting Up a Self-Signed Certificate in Ansible"},"content":{"rendered":"\n

The primary purpose of DevOps is to automate code deployments and testing for more rapid software development. In most environments, SSL\/TLS certificates<\/a> are necessary for data encryption to avoid eavesdropping and man-in-the-middle attacks. For development environments, an SSL\/TLS certificate might not be necessary, but you need one installed to avoid errors and bypass certificate validation in production code. A self-signed certificate will remediate development issues with SSL\/TLS certificates so that they can be bypassed during testing. Ansible OpenSSL<\/strong> allows you to install a self-signed certificate for your development environment, but you first must create and install it.
<\/p>\n\n\n\n

Self-Signed vs. Certificate Authority (CA)<\/h2>\n\n\n\n

Before using a self-signed certificate, you should know the difference between installing a certificate from a CA and using self-signed certificates. Self-signed certificates are untrusted and should only be used in development environments. They are a workaround for SSL\/TLS validation while you develop an application.<\/p>\n\n\n\n

In a production environment, you generate private keys to create a CSR (certified signing request) signed and validated by a CA that then tells users and applications that the certificate should be trusted. If you use a self-signed certificate in production, users will receive warnings not to trust the host. Self-signed certificates can be used in phishing attacks, so modern browsers warn users not to trust a host without a valid CA-signed certificate.<\/p>\n\n\n\n

In a development environment, a self-signed certificate might be necessary, but know that they should never be used in production.
<\/p>\n\n\n\n

Creating a Self-Signed Certificate<\/h2>\n\n\n\n

The first step before certificate creation is to ensure Ansible is installed. Run the following command to get the Ansible version:<\/p>\n\n\n\n

$ ansible --version<\/pre>\n\n\n\n
Next, you need to install the pyOpenSSL dependency to generate keys. Run the following command to install pyOpenSSL with pip (replace pip3 with pip if you are using version 2.x):<\/p>\n\n\n\n
$ sudo pip3 install pyOpenSSL<\/pre>\n\n\n\n
Ansible relies on three modules to create keys and set up the self-signed certificate. Ensure that these three modules are installed:<\/p>\n\n\n\n