This cookbook allow you to create a self signed certificate using openssl. The certificate is configured using the provided attributes.
No requirement. Openssl package will be installed along the default recipe.
You can generate the self-signed certificate once, using :
if !(File.exist? node['selfsigned_certificate']['destination'])
log "No self-signed certificate found (targeted destination: #{node['selfsigned_certificate']['destination']}"
include_recipe "selfsigned_certificate::default"
log "created th server self-signed certificate to #{node['selfsigned_certificate']['destination']}"
else
log "Certificate already exists in #{node['selfsigned_certificate']['destination']}, no overriding."
end
(because include_recipe is a ruby instruction !)
You can test the cookbook using the provided Vagrantfile. Make sure you edit sample attribute provided in the Vagrantfile to match your test needs.
Unit tests are provided by the mean of kitchen-test. You can run the test (for now only one teesting certificate creation) by running :
kitchen test
Beware: vagrant 1.2.x aka Vagrant 2 is mandatory.
- Make your cookbook depends on this cookbook (e.g. in your Berksfile if you are using berkshelf, and in your metadata).
- You must override all the attributes as described below, except
node.selfsigned_certifcate[:destination]which is recommended but not compulsory. - Call the recipe using
include_recipe 'selfsigned_certificate' - You can then use the generated certificate in your own template using the attribute
node.selfsigned_certifcate[:destination]/server.crt(and.key), for instance for nginx or Apache configuration.
node.selfsigned_certifcate[:destination]: Where to store the created self-signed certificate.node.selfsigned_certifcate[:sslpassphrase]: The passphrase used to generate the request for signature and self CA signature. Obviously very sensible, you should configure it in your attribute files using a databag.node.selfsigned_certifcate[:country]: Country code for the certificate.node.selfsigned_certifcate[:state]: State for the certificate.node.selfsigned_certifcate[:city]: City for the certificate.node.selfsigned_certifcate[:orga]: Organisation for the certificate.node.selfsigned_certifcate[:depart]: Departement for the certificate.node.selfsigned_certifcate[:cn]: Common name for the certificate.node.selfsigned_certifcate[:email]: Contact email for the certificate.
Default recipe in current version.
Author:: Christophe Gravier (christophe.gravier@univ-st-etienne.fr)
Licence:: Apache 2.0