# Get TLS/SSL certificates using Ansible

Enterprises are increasingly using Red Hat Ansible to automate lifecycle operations. With CertCentral ACME support, you can obtain TLS/SSL certificates from within an Ansible playbook.

The example here demonstrates how to integrate CertCentral ACME with Ansible to get a certificate as a step within a larger lifecycle task.

The integration enables you to connect to CertCentral using ACME External Account Binding (EAB) and issue a certificate using the ACME v2 protocol.

## Before you begin

Make sure you have created an ACME Directory URL in your CertCentral account and have the EAB credentials available.

### Note

DigiCert recommends placing the scripts in one location, such as an installation directory. For example: installdir/scripts/digicert_acme_cert_main.yml

## Create an installation directory and configure the script

1. Create an installation directory and copy the digicert_acme_cert_main.yml and get-cert.yml files into it.

2. Create a script or customize the sample script digicert_acme_cert_main.yml.

3. Specify the certificate parameters in the script under vars:

• cert_cn: Common name of the certificate.

• contact_email: Email ID of the admin.

• eab_kid: Key identifier of the external account binding (EAB).

• eab_key: HMAC key of the external account binding (EAB).

Optionally, you can specify other parameters and update the default settings:

• data_dir: Location of the default data directory in the installation directory where all generated keys and issued certificates are stored. You can change it to your preferred location.

For example:

    data/
        accountkey.pem
        {{cert_cn}}.csr
        {{cert_cn}}.key
        {{cert_cn}}.pem
        {{cert_cn}}-chain.pem
        {{cert_cn}}-fullchain.pem

• subject_alt_name: Specify the Subject Alternative Names (SANs) you wish to secure with this certificate.

## Request a certificate

Go to the installation directory and run the Ansible playbook command:

• As root user: ansible-playbook digicert_acme_cert_main.yml

• As non-root user: ansible-playbook --become-user <BECOME_USER> digicert_acme_cert_main.yml

Your certificate is issued and stored in the data directory.
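
A follow-up play that restricts access to the private keys in the data directory and verifies the issued certificate against them. This is an added example, not one of DigiCert's scripts; the file name verify-cert.yml, the sample cert_cn value, the data_dir location and the use of the community.crypto collection are assumptions.

```yaml
# verify-cert.yml (hypothetical file name) - added example, not a DigiCert script.
# Assumes the community.crypto collection is installed and that cert_cn and
# data_dir match the values set in digicert_acme_cert_main.yml.
- name: Lock down and verify the ACME output in data_dir
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    cert_cn: www.example.com               # constructed sample value
    data_dir: "{{ playbook_dir }}/data"    # assumed location of the data directory
  tasks:
    - name: Restrict the data directory to its owner
      ansible.builtin.file:
        path: "{{ data_dir }}"
        state: directory
        mode: "0700"

    # state: file fails the play if either key is missing instead of creating it
    - name: Restrict the ACME account key and the certificate private key
      ansible.builtin.file:
        path: "{{ data_dir }}/{{ item }}"
        state: file
        mode: "0600"
      loop:
        - accountkey.pem
        - "{{ cert_cn }}.key"

    - name: Read the issued certificate
      community.crypto.x509_certificate_info:
        path: "{{ data_dir }}/{{ cert_cn }}.pem"
        valid_at:
          in_30_days: "+30d"
      register: cert

    - name: Read the public half of the private key
      community.crypto.openssl_privatekey_info:
        path: "{{ data_dir }}/{{ cert_cn }}.key"
      register: key
      no_log: true

    - name: Fail if the certificate is wrong, expiring, or does not match the key
      ansible.builtin.assert:
        that:
          - cert.subject.commonName == cert_cn
          - not cert.expired
          - cert.valid_at.in_30_days
          - cert.public_key_fingerprints.sha256 == key.public_key_fingerprints.sha256
        fail_msg: "Certificate in {{ data_dir }} failed verification for {{ cert_cn }}"
```

Run it from the installation directory after the certificate request completes, as the same user that ran digicert_acme_cert_main.yml.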

## What’s next?

You can customize the example above and include it in your Ansible playbook.