[debops-users] usage of pki service - how to create new root ca

Jan Kowalsky jankow at datenkollektiv.net
Thu Nov 23 23:19:43 CET 2017

Hi all,

I wondering how to use the pki service with debops. I read documentation
but actually it didn't answer all my questions ;-).

What I reallized: When setting up the first host with pki_enabled: True
(default) debops is generating a root certificate and a first
certificate for this host. Well. Since I want't to test if the pki
service is the right thing for us (at the moment we use an self scripted
internal completely offline CA) - of course the first root certificate
is not the one we will continue with.

So I tried to delete the pki directory on the ansible controller - and
thought the root certificate is generated again. But this is not the fact.

How is it possible to initialize a completely new certificate auhtority
while there are already hosts in the same ansible domain?

Is there any way to use already existent key pairs for root ca?

And still there is the problem that encfs on debian stretch isn't
working (but this is another story).

Thanks a lot and regards

More information about the debops-users mailing list