Fix ca-less test to use X.509 v3 certificates

The generated certificates have been X.509 v1. This is not supported any more. Only X.509 v3 is supported. A new certificates/extensions.conf file has been added to make v3 certificates. The existing certificates/pkinit/extensions.conf has been renamed to certificates/pkinit-extensions.conf with additional changes. For example "[kdc_cert]" had to be removed for v3. The extensions config files are using environment variables, which are set by the generate-certificates.sh script before calling openssl. The script generate-certificates.sh has been reworked for a simpler structure, also new options have been added: "ca" and "cleanup".
2026-06-11 11:15:55 +00:00 · 2024-03-05 11:05:19 +01:00
parent ce05b5e137
commit b92da82661
5 changed files with 169 additions and 142 deletions
--- a/tests/ca-less/clean_up_certificates.yml
+++ b/tests/ca-less/clean_up_certificates.yml
@@ -7,9 +7,6 @@
  - name: Run generate-certificates.sh
    ansible.builtin.command: >
      /bin/bash
-      generate-certificates.sh delete "{{ item }}"
+      generate-certificates.sh cleanup
    args:
      chdir: "{{ playbook_dir }}"
-    with_items:
-      - "{{ groups.ipaserver[0] }}"
-      - "{{ groups.ipareplicas[0] }}"