ISTI-ansible-roles
/
ansible-role-basic-system-setup
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Distrust DST X3.

This commit is contained in:
Andrea Dell'Amico 2021-09-30 19:49:02 +02:00
parent b58846c3b4
commit bc8fd9bc9b
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tasks/trusted_ca.yml
View File

@ -62,6 +62,25 @@
when: ansible_distribution_file_variety == "Debian" when: ansible_distribution_file_variety == "Debian"
tags: [ 'pki', 'trusted_ca', 'letsencrypt_ca' ] tags: [ 'pki', 'trusted_ca', 'letsencrypt_ca' ]
- name: Distrust the DST Root CA X3 in Ubuntu Trusty
block:
- name: Comment the mozilla/DST_Root_CA_X3.crt entry
lineinfile:
path: /etc/ca-certificates.conf
regexp: '^mozilla/DST_Root_CA_X3.crt'
line: '!mozilla/DST_Root_CA_X3.crt'
register: dst_x3_distrust
- name: Trust the CA files on deb
command: /usr/sbin/update-ca-certificates
when: dst_x3_distrust is changed
when:
- ansible_distribution_file_variety == "Debian"
- ansible_distribution_version is version_compare('14.04', '==')
tags: [ 'pki', 'obsolete_ca' ]
- name: Manage the Letsencrypt CA files on deb - name: Manage the Letsencrypt CA files on deb
block: block:
- name: Download the letsencrypt CA files on deb - name: Download the letsencrypt CA files on deb