Support otherName in subAltName in CSR for UTF8 strings (#53)

* Support otherName in subAltName in CSR for UTF8 strings * Remove uneeded docs and added changelog fragment * Missed a merge conflict * Fix up sanity issues and added test expectation * Rename function
2026-05-06 13:22:58 +00:00 · 2020-06-24 06:38:42 +10:00
parent ca58a1d2ee
commit 70683e540d
9 changed files with 309 additions and 4 deletions
--- a/plugins/modules/openssl_csr.py
+++ b/plugins/modules/openssl_csr.py
@@ -119,7 +119,7 @@ options:
            - SAN extension to attach to the certificate signing request.
            - This can either be a 'comma separated string' or a YAML list.
            - Values must be prefixed by their options. (i.e., C(email), C(URI), C(DNS), C(RID), C(IP), C(dirName),
-              C(otherName) and the ones specific to your CA)
+              C(otherName) and the ones specific to your CA).
            - Note that if no SAN is specified, but a common name, the common
              name will be added as a SAN except if C(useCommonNameForSAN) is
              set to I(false).
@@ -350,6 +350,15 @@ EXAMPLES = r'''
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com
    ocsp_must_staple: yes
+
+- name: Generate an OpenSSL Certificate Signing Request for WinRM Certificate authentication
+  community.crypto.openssl_csr:
+    path: /etc/ssl/csr/winrm.auth.csr
+    privatekey_path: /etc/ssl/private/winrm.auth.pem
+    common_name: username
+    extended_key_usage:
+    - clientAuth
+    subject_alt_name: otherName:1.3.6.1.4.1.311.20.2.3;UTF8:username@localhost
 '''

 RETURN = r'''