selfsigned_certificate cookbook

This cookbook allows you to create a self-signed certificate using OpenSSL. The certificate is configured using the provided attributes.

Requirements

No requirements. The openssl package is installed by the default recipe.

Usage

You can generate the self-signed certificate only once, using:

# Run the recipe only when no certificate has been generated yet.
if !File.exist?(node['selfsigned_certificate']['destination'])
  log "No self-signed certificate found (targeted destination: #{node['selfsigned_certificate']['destination']})"
  include_recipe 'selfsigned_certificate::default'
  log "Created the server self-signed certificate in #{node['selfsigned_certificate']['destination']}"
else
  log "Certificate already exists in #{node['selfsigned_certificate']['destination']}, not overriding."
end

(This works because include_recipe is a Ruby instruction!)

Testing

You can test the cookbook using the provided Vagrantfile. Make sure you edit the sample attributes provided in the Vagrantfile to match your test needs.

Unit tests are provided by means of kitchen-test. You can run the tests (for now only one, testing certificate creation) by running: kitchen test

Beware: Vagrant 1.2.x (aka Vagrant 2) is mandatory.

Depending on this cookbook

  1. Make your cookbook depend on this cookbook (e.g. in your Berksfile if you are using Berkshelf, and in your metadata).
  2. You must override all the attributes as described below, except node.selfsigned_certificate[:destination], which is recommended but not compulsory.
  3. Call the recipe using include_recipe 'selfsigned_certificate'
  4. You can then use the generated certificate in your own templates through the attribute node.selfsigned_certificate[:destination]/server.crt (and .key), for instance for an nginx or Apache configuration.

Attributes

  • node.selfsigned_certificate[:destination] : Where to store the created self-signed certificate.
  • node.selfsigned_certificate[:sslpassphrase] : The passphrase used to generate the signing request and the self CA signature. This value is obviously very sensitive; you should configure it in your attribute files using a data bag.
  • node.selfsigned_certificate[:country] : Country code for the certificate.
  • node.selfsigned_certificate[:state] : State for the certificate.
  • node.selfsigned_certificate[:city] : City for the certificate.
  • node.selfsigned_certificate[:orga] : Organisation for the certificate.
  • node.selfsigned_certificate[:depart] : Department for the certificate.
  • node.selfsigned_certificate[:cn] : Common name for the certificate.
  • node.selfsigned_certificate[:email] : Contact email for the certificate.
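A post-converge check for the generated server.crt and server.key, as an added example that is not part of this cookbook: it confirms the certificate is self-signed, matches the key, is within its validity period and carries the subject built from the attributes. The attribute-to-subject-field mapping (C, ST, L, O, OU, CN, emailAddress), the function names and the sample values are assumptions; the sample pair is constructed in memory so the script runs offline.

```ruby
require 'openssl'

# Assumed mapping from the cookbook's attributes to X.509 subject fields.
FIELDS = { 'country' => 'C', 'state' => 'ST', 'city' => 'L', 'orga' => 'O',
           'depart' => 'OU', 'cn' => 'CN', 'email' => 'emailAddress' }.freeze
# Constructed sample attribute values (not from the cookbook).
SAMPLE_ATTRS = { 'country' => 'FR', 'state' => 'Loire', 'city' => 'Saint-Etienne', 'orga' => 'Example Org',
                 'depart' => 'IT', 'cn' => 'www.example.test', 'email' => 'admin@example.test' }.freeze

# Returns a list of problems; an empty list means the pair is consistent.
def check_selfsigned(cert_pem, key_pem, passphrase, attrs, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  begin
    key = OpenSSL::PKey.read(key_pem, passphrase) # passphrase is ignored for an unencrypted key
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    return ['private key unreadable (wrong passphrase or corrupt file)']
  end
  problems = []
  problems << 'issuer differs from subject' unless cert.issuer.to_der == cert.subject.to_der
  problems << 'signature was not made by the certificate key' unless cert.verify(cert.public_key)
  problems << 'server.key does not match server.crt' unless cert.check_private_key(key)
  problems << 'outside validity period' unless (cert.not_before..cert.not_after).cover?(now)
  subject = cert.subject.to_a.to_h { |name, value, _type| [name, value] }
  FIELDS.each do |attr, field|
    next if subject[field] == attrs[attr]
    problems << "#{field} is #{subject[field].inspect}, expected #{attrs[attr].inspect}"
  end
  problems
end

# Constructed sample: a certificate/key pair shaped like server.crt and server.key.
def sample_pair(attrs, passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new(FIELDS.map { |a, f| [f, attrs[a]] })
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), passphrase)]
end

if __FILE__ == $PROGRAM_NAME
  crt, key = sample_pair(SAMPLE_ATTRS, 'constructed-passphrase')
  p check_selfsigned(crt, key, 'constructed-passphrase', SAMPLE_ATTRS)
end
```

Against a real node, read the two PEM files from the configured destination directory and pass the node's attribute hash instead of the constructed sample.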

Recipes

Default recipe in current version.

Author

Author:: Christophe Gravier ([email protected])

Licence:: Apache 2.0