From 9b905917cc67c461da2f0fa5f7e9daecd90ac501 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 10 Feb 2017 16:06:17 +0000
Subject: [PATCH] simplified changes
---
 roles/vpn/tasks/main.yml | 6 +++---
 roles/vpn/templates/mobileconfig.j2 | 2 +-
 users.yml | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 24485abf..725ef9ef 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -189,15 +189,15 @@
 - name: Build the client's pair
 local_action: >
- shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" -batch &&
- openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" &&
+ shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
+ openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
 touch certs/{{ item }}_crt_generated
 become: no
 args:
 chdir: "configs/{{ IP_subject_alt_name }}/pki/"
 creates: certs/{{ item }}_crt_generated
 environment:
- subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+ subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
 with_items: "{{ users }}"
 - name: Build the client's p12
diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2
index 48307e8f..9ee20c4f 100644
--- a/roles/vpn/templates/mobileconfig.j2
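Review bot: With the server prefix removed, the raw `{{ item }}` from `users` becomes the entire certificate identity in `-subj "/CN={{ item }}"` and `subjectAltName: "DNS:{{ item }},IP:..."` in roles/vpn/tasks/main.yml, and nothing visible in this hunk constrains what a user name may contain. A name containing `/`, `=`, `,` or a double quote would be read by OpenSSL or the shell as subject or SAN syntax rather than as part of the name (how the SAN variable is consumed depends on openssl.cnf, which is not shown), so the issued identity could differ from the listed user. Consider an `assert` task ahead of this one that checks every entry of `users` against a conservative pattern such as `^[A-Za-z0-9._-]+$`, and applying the `quote` filter where `{{ item }}` is used in file paths. The same interpolation appears in the users.yml hunks of this patch.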
+++ b/roles/vpn/templates/mobileconfig.j2
@@ -86,7 +86,7 @@
 1440
 LocalIdentifier
- {{ IP_subject_alt_name }}_{{ item.0 }}
+ {{ item.0 }}
 PayloadCertificateUUID
 {{ pkcs12_PayloadCertificateUUID }}
 CertificateType
diff --git a/users.yml b/users.yml
index e2fa14e6..58ce5736 100644
--- a/users.yml
+++ b/users.yml
@@ -63,15 +63,15 @@
 - name: Build the client's pair
 local_action: >
- shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" -batch &&
- openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ IP_subject_alt_name }}_{{ item }}" &&
+ shell openssl req -utf8 -new -newkey {{ algo_params | default('ec:ecparams/prime256v1.pem') }} -config openssl.cnf -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" -batch &&
+ openssl ca -utf8 -in reqs/{{ item }}.req -out certs/{{ item }}.crt -config openssl.cnf -days 3650 -batch -passin pass:"{{ easyrsa_CA_password }}" -subj "/CN={{ item }}" &&
 touch certs/{{ item }}_crt_generated
 become: no
 args:
 chdir: "configs/{{ IP_subject_alt_name }}/pki/"
 creates: certs/{{ item }}_crt_generated
 environment:
- subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+ subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
 with_items: "{{ users }}"
 - name: Build the client's p12
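Review bot: The new `LocalIdentifier` value `{{ item.0 }}` in roles/vpn/templates/mobileconfig.j2 only matches certificates issued after this commit, and nothing here documents that dependency. The certificate tasks in this patch are guarded by `creates: certs/{{ item }}_crt_generated`, so on an existing deployment the old certificate with the `<server>_<user>` subject would presumably be kept while a regenerated profile advertises the bare user name; whether the server then rejects the identity depends on configuration not shown here. A template comment or upgrade note stating that client certificates must be re-issued together with the profile would make this explicit.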
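Review bot: The added `openssl req` and `openssl ca` lines in the users.yml "Build the client's pair" task still pass the CA passphrase as `-passin pass:"{{ easyrsa_CA_password }}"`, which places it in the process argument list while the command runs and in the task's recorded command line when Ansible reports a failure or runs verbosely. OpenSSL can read it from the environment instead: `-passin env:CA_PASSPHRASE` (variable name is an example) with `CA_PASSPHRASE: "{{ easyrsa_CA_password }}"` added under the task's existing `environment:` key, plus `no_log: true` on the task. The identical lines in roles/vpn/tasks/main.yml need the same change.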
@@ -94,7 +94,7 @@
 - name: Get active users
 local_action: >
- shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN={{ IP_subject_alt_name }}_//g'
+ shell grep ^V index.txt | grep -v "{{ IP_subject_alt_name }}" | awk '{print $5}' | sed 's/\/CN=//g'
 become: no
 args:
 chdir: "configs/{{ IP_subject_alt_name }}/pki/"
@@ -110,7 +110,7 @@
 chdir: "configs/{{ IP_subject_alt_name }}/pki/"
 creates: crl/{{ item }}_revoked
 environment:
- subjectAltName: "DNS:{{ IP_subject_alt_name }}_{{ item }},IP:{{ IP_subject_alt_name }}"
+ subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
 when: item not in users
 with_items: "{{ valid_certs.stdout_lines }}"
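Review bot: `grep -v "{{ IP_subject_alt_name }}"` in the new "Get active users" command matches the server name anywhere on the index line, and as a regular expression, so it removes more than the server's own entry. If any certificates were issued under the previous `/CN=<server>_<user>` naming, their still-valid entries are filtered out of `valid_certs` and would never reach the revocation task; a user name that happens to contain the server string is skipped the same way. Comparing the subject field exactly avoids this, for example `awk -F'\t' '$1 == "V" && $NF != "/CN={{ IP_subject_alt_name }}" { sub(/^\/CN=/, "", $NF); print $NF }' index.txt`, after which old-format entries need an explicit decision (revoke or migrate). The task continues outside the hunk.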