community.crypto/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml

####################################################################
# WARNING: These are designed specifically for Ansible tests       #
# and should not be used as examples of how to write Ansible roles #
####################################################################

- name: Generate CSR for {{ certificate.name }}
  openssl_csr:
    path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key'
    subject: '{{ certificate.subject }}'
    useCommonNameForSAN: false

- name: Generate certificate for {{ certificate.name }}
  x509_certificate:
    path: '{{ remote_tmp_dir }}/{{ certificate.name }}.pem'
    csr_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key'
    provider: '{{ "selfsigned" if certificate.parent is not defined else "ownca" }}'
    ownca_path: '{{ (remote_tmp_dir ~ "/" ~ certificate.parent ~ ".pem") if certificate.parent is defined else omit }}'
    ownca_privatekey_path: '{{ (remote_tmp_dir ~ "/" ~ certificate.parent ~ ".key") if certificate.parent is defined else omit }}'