diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 24485abf..725ef9ef 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -189,15 +189,15 @@
- name: Build the client's pair
local_action: >
- shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" -batch &&
- openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" &&
+ shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
+ openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
touch certs/{{ item }}_crt_generated
become: no
args:
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
creates: certs/{{ item }}_crt_generated
environment:
- subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+ subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
with_items: "{{ users }}"
- name: Build the client's p12
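Review bot: The rewritten `openssl req` / `openssl ca` lines still pass the CA passphrase as `-passin pass:"{{ easyrsa_CA_password }}"`, which puts it in the process argument list on the control machine and in Ansible's task output; no `no_log` is visible in this hunk. Since the task already has an `environment:` block, the passphrase could be handed over there with `CA_PASSWORD: "{{ easyrsa_CA_password }}"` and read with `-passin env:CA_PASSWORD`, plus `no_log: true` on the task. The same two lines appear in the first users.yml hunk and need the same change. The task list continues outside the hunk, so other callers of the CA key are not checked here.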
diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2
index 48307e8f..9ee20c4f 100644
--- a/roles/vpn/templates/mobileconfig.j2
+++ b/roles/vpn/templates/mobileconfig.j2
@@ -86,7 +86,7 @@
1440
LocalIdentifier
- {{ IP_subject_alt_name }}_{{ item.0 }}
+ {{ item.0 }}
PayloadCertificateUUID
{{ pkcs12_PayloadCertificateUUID }}
CertificateType
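Review bot: `LocalIdentifier` is now the bare user name, but certificates issued before this commit still carry `<IP>_<user>` in CN and subjectAltName, and the build task will not reissue them because it is guarded by `creates: certs/{{ item }}_crt_generated`. If the server matches the IKE identity against the certificate, which is presumably the case, a regenerated profile for an existing user would stop authenticating. I would document the upgrade step next to this key, for example `{# must equal the CN/SAN issued by "Build the client's pair"; certs created before the CN change need to be reissued #}`. The rest of the payload dictionary is outside the hunk.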
diff --git a/users.yml b/users.yml
index e2fa14e6..58ce5736 100644
--- a/users.yml
+++ b/users.yml
@@ -63,15 +63,15 @@
- name: Build the client's pair
local_action: >
- shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" -batch &&
- openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" &&
+ shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
+ openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
touch certs/{{ item }}_crt_generated
become: no
args:
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
creates: certs/{{ item }}_crt_generated
environment:
- subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+ subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
with_items: "{{ users }}"
- name: Build the client's p12
@@ -94,7 +94,7 @@
- name: Get active users
local_action: >
- shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN={{ IP_subject_alt_name }}_//g'
+ shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN=//g'
become: no
args:
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
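Review bot: The `grep -v "{{ IP_subject_alt_name }}"` filter is an unanchored substring match, so it hides every index.txt entry that contains the server identifier, not only the server certificate. Certificates issued with the old `/CN=<IP>_<user>` subject are dropped here, never reach `valid_certs.stdout_lines`, and so cannot be revoked by the loop in the following hunk. Assuming the server entry is exactly `/CN=<IP>`, anchoring the exclusion and keeping the legacy prefix strip would cover both formats: `grep -v "/CN={{ IP_subject_alt_name }}$"` and `sed -e 's/\/CN={{ IP_subject_alt_name }}_//' -e 's/\/CN=//'`. The `register:` for this task is outside the hunk, so the link to `valid_certs` is inferred from the name.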
@@ -110,7 +110,7 @@
chdir: "configs/{{ IP_subject_alt_name }}/pki/"
creates: crl/{{ item }}_revoked
environment:
- subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+ subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
when: item not in users
with_items: "{{ valid_certs.stdout_lines }}"