simplified changes

2025-09-04 19:13:04 +02:00 · 2017-02-10 16:06:17 +00:00 · 2017-02-10 16:06:17 +00:00 · 9b905917cc
commit 9b905917cc
parent 80fe4a44a9
3 changed files with 9 additions and 9 deletions
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -189,15 +189,15 @@

 - name: Build the client's pair
  local_action: >
-   shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" -batch &&
-      openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" &&
+   shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
+      openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
      touch certs/{{ item }}_crt_generated
  become: no
  args:
    chdir: "configs/{{ IP_subject_alt_name }}/pki/"
    creates: certs/{{ item }}_crt_generated
  environment:
-    subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+    subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
  with_items: "{{ users }}"

 - name: Build the client's p12
--- a/roles/vpn/templates/mobileconfig.j2
+++ b/roles/vpn/templates/mobileconfig.j2
@ -86,7 +86,7 @@
                    <integer>1440</integer>
                </dict>
                <key>LocalIdentifier</key>
-                <string>{{ IP_subject_alt_name }}_{{ item.0 }}</string>
+                <string>{{ item.0 }}</string>
                <key>PayloadCertificateUUID</key>
                <string>{{ pkcs12_PayloadCertificateUUID }}</string>
                <key>CertificateType</key>
--- a/users.yml
+++ b/users.yml
@ -63,15 +63,15 @@

    - name: Build the client's pair
      local_action: >
-        shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" -batch &&
-          openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" &&
+        shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
+          openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
          touch certs/{{ item }}_crt_generated
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
        creates: certs/{{ item }}_crt_generated
      environment:
-        subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+        subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
      with_items: "{{ users }}"

    - name: Build the client's p12
@ -94,7 +94,7 @@

    - name: Get active users
      local_action: >
-        shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN={{ IP_subject_alt_name }}_//g'
+        shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN=//g'
      become: no
      args:
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
@ -110,7 +110,7 @@
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
        creates: crl/{{ item }}_revoked
      environment:
-        subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+        subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
      when: item not in users
      with_items: "{{ valid_certs.stdout_lines }}"