by lazyweb
1069 days ago
My way of doing private SSL (not necessarily the easiest):

* own CA, to be distributed to all systems via Ansible playbook or Dockerfile directives
* Hashicorp Vault with enabled PKI engine
* Ansible Hashivault module [1]
* Ansible role & playbook to tie it all together
* CI environment for automated deployment of SSL certs to target systems

Works flawlessly once set up, including restart/reload of affected services. Might do a writeup on my personal blog at some point.

[1] https://github.com/ansible-collections/community.hashi_vault
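A playbook of the kind the comment above describes, as an added example that is not the commenter's own code: it requests a certificate from a Vault PKI mount with the `community.hashi_vault` collection, installs it, and reloads the service through a handler. The Vault URL, mount point, PKI role name, inventory group, file paths and the nginx service are all assumptions.

```yaml
# Added example. Vault URL, PKI mount/role, host group, paths and service
# name are hypothetical placeholders, not values from the comment.
- name: Issue a certificate from Vault PKI and deploy it
  hosts: webservers
  become: true
  vars:
    vault_url: https://vault.internal.example:8200
    pki_mount: pki
    pki_role: internal-servers
    key_path: "/etc/ssl/private/{{ inventory_hostname }}.key"
    cert_path: "/etc/ssl/certs/{{ inventory_hostname }}.crt"
  tasks:
    - name: Request certificate and private key from Vault
      community.hashi_vault.vault_pki_generate_certificate:
        url: "{{ vault_url }}"
        auth_method: token
        # Token comes from the CI job's environment, never from the repo.
        token: "{{ lookup('ansible.builtin.env', 'VAULT_TOKEN') }}"
        engine_mount_point: "{{ pki_mount }}"
        role_name: "{{ pki_role }}"
        common_name: "{{ inventory_hostname }}"
        ttl: 720h
      delegate_to: localhost   # only the controller talks to Vault
      become: false
      no_log: true             # the result contains the private key
      register: issued

    - name: Install private key
      ansible.builtin.copy:
        content: "{{ issued.data.data.private_key }}\n"
        dest: "{{ key_path }}"
        owner: root
        group: root
        mode: "0600"
      no_log: true
      notify: Reload nginx

    - name: Install certificate followed by the issuing CA
      ansible.builtin.copy:
        content: "{{ issued.data.data.certificate }}\n{{ issued.data.data.issuing_ca }}\n"
        dest: "{{ cert_path }}"
        mode: "0644"
      notify: Reload nginx

  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
```

As written, every run issues a fresh certificate and triggers a reload; a production role would first check the remaining validity of the installed certificate and skip issuance when it is not close to expiry.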