Now we know how to inject client certificates into Firefox and Chrome it’s time to automate that process with Ansible.
The goal is to take a client and CA certificate and deliver it to the .pki keystore on the client. The actual generation of the certificate happens using
easyrsa and is not part of this process. Let’s assume you already have generated a series of certificates, and converted them to a
.pfx (pkcs12) for each client and just need to deliver them – although I may write up that process later.
Further let’s assume you are naming the certificate files with the same inventory hostname you are going to use in Ansible. This is so we can easily identify which file goes to which host, eg.
myclient01.pfx for inventory item