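---
# Enrols this host for WPA-Enterprise (EAP-TLS) on the network named by `ssid`:
# generate a key pair locally, have the RADIUS host's own CA sign the CSR,
# record the issued serial on the RADIUS host, then (re)create the
# NetworkManager connection profile that uses the key and certificate.
#
# Variables read: ssid, country_name, state_or_province_name, locality_name,
# organization_name, admin_email, radiusca_password.
# Registered results: csr, certificate, cert_serial.

- name: Set facts
  ansible.builtin.set_fact:
    wpa_hostname: "{{ ansible_hostname }}"

# No passphrase/cipher is given, so the key is written unencrypted and file
# permissions are its only protection; the mode is pinned rather than left
# to module defaults.
- name: Create private key for client certificate
  community.crypto.openssl_privatekey:
    path: "/etc/ssl/private/{{ ssid }}.key"
    mode: "0600"

# The *_pipe modules return their result instead of writing a file. Without
# `content:` they cannot detect an existing CSR, so one is built on each run.
- name: Create CSR for client certificate
  community.crypto.openssl_csr_pipe:
    common_name: "{{ wpa_hostname }}"
    country_name: "{{ country_name }}"
    state_or_province_name: "{{ state_or_province_name }}"
    locality_name: "{{ locality_name }}"
    organization_name: "{{ organization_name }}"
    privatekey_path: "/etc/ssl/private/{{ ssid }}.key"
    email_address: "{{ admin_email }}"
  register: csr

# Signing runs on the RADIUS host, so the CA key never leaves it; only the
# CSR and the resulting certificate cross hosts.
# NOTE(review): radiusca_password unlocks the CA key and should come from
# Ansible Vault or another secret store, not plain inventory - confirm.
# NOTE(review): no `content:` is passed, so a new certificate appears to be
# issued on every run. Nothing here revokes the previous one; it stays valid
# until expiry unless revocation is handled elsewhere - confirm.
- name: Sign CSR on Radius
  community.crypto.x509_certificate_pipe:
    csr_content: "{{ csr.csr }}"
    provider: ownca
    ownca_path: /etc/freeradius/3.0/certs/ca.pem
    ownca_privatekey_path: /etc/freeradius/3.0/certs/ca.key
    ownca_privatekey_passphrase: "{{ radiusca_password }}"
    ownca_not_after: "+1825d"  # 5 years
  delegate_to: radius
  register: certificate

- name: Create issued-Notice folder on radius-server
  ansible.builtin.file:
    dest: /etc/freeradius/3.0/certs/issued
    state: directory
  delegate_to: radius

# The certificate is public material, so world-readable is fine.
- name: Write certificate to client
  ansible.builtin.copy:
    dest: "/etc/ssl/certs/{{ ssid }}.crt"
    content: "{{ certificate.certificate }}"
    mode: "0644"

# Read-only query, hence changed_when: false. argv keeps an SSID containing
# spaces or quotes from being split into several arguments.
- name: Extract Serial from Certificate
  ansible.builtin.command:
    argv:
      - openssl
      - x509
      - -noout
      - -serial
      - -in
      - "/etc/ssl/certs/{{ ssid }}.crt"
  register: cert_serial
  changed_when: false

# One note file per host on the RADIUS server, holding the `serial=<hex>`
# line printed by openssl. It is overwritten on each run, so only the most
# recent serial for a host is kept.
- name: Create issued-Notice-file on radius-server
  ansible.builtin.copy:
    dest: "/etc/freeradius/3.0/certs/issued/{{ ansible_hostname }}"
    content: "{{ cert_serial.stdout }}"
  delegate_to: radius

# Best effort: a failure is expected when the profile does not exist yet.
# ignore_errors also hides any other nmcli failure here.
- name: "Delete {{ ssid }} if exists"
  ansible.builtin.command:
    argv:
      - nmcli
      - c
      - delete
      - "{{ ssid }}"
  ignore_errors: true

# ifname is the first interface fact matching `wl.+`; the task fails if the
# host has none.
# The empty connection.permissions value leaves the profile unrestricted.
# NOTE(review): the key on disk has no passphrase, so `dummy` looks like a
# placeholder for a property NetworkManager expects to be set - confirm.
- name: "Create {{ ssid }} via nmcli"
  ansible.builtin.command:
    argv:
      - nmcli
      - c
      - add
      - type
      - wifi
      - ifname
      - "{{ ansible_interfaces | select('search', 'wl.+') | first }}"
      - con-name
      - "{{ ssid }}"
      - connection.permissions
      - ''
      - 802-11-wireless.ssid
      - "{{ ssid }}"
      - 802-11-wireless-security.key-mgmt
      - wpa-eap
      - 802-1x.eap
      - tls
      - 802-1x.identity
      - "{{ ansible_hostname }}"
      - 802-1x.client-cert
      - "/etc/ssl/certs/{{ ssid }}.crt"
      - 802-1x.private-key
      - "/etc/ssl/private/{{ ssid }}.key"
      - 802-1x.private-key-password
      - dummy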