ipacert: Fix ipacert tests

It seems that in recent versions, a minimum of 2048 bits for RSA keys are required to request a certificate. This seems to be enforced by crypto policies. By adjusting the key size all ipacert tests pass.

ipacert: Fix ipacert tests
57bc35df · Rafael Guterres Jeffman · a2f59e1a · 57bc35df · 57bc35df · 57bc35df
Commit 57bc35df authored 6 months ago by Rafael Guterres Jeffman
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -40,7 +40,7 @@
  - name: Create CSR
    ansible.builtin.shell:
-      cmd: "openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certhost.{{ ipa_domain }}"
+      cmd: "openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certhost.{{ ipa_domain }}"
    register: host_req
  - name: Create CSR file

--- a/tests/cert/test_cert_service.yml
+++ b/tests/cert/test_cert_service.yml
@@ -51,7 +51,7 @@
  - name: Create signing request for certificate
    ansible.builtin.shell:
-      cmd: "openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certservice.{{ ipa_domain }}"
+      cmd: "openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certservice.{{ ipa_domain }}"
    register: service_req
  - name: Create CSR file

--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
@@ -36,7 +36,7 @@
  - name: Crete CSR
    ansible.builtin.shell:
      cmd:
-        'openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certuser -reqexts IECUserRoles
+        'openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certuser -reqexts IECUserRoles
          -config <(cat /etc/pki/tls/openssl.cnf; printf "[IECUserRoles]\n1.2.840.10070.8.1=ASN1:UTF8String:hello world")'
      executable: /bin/bash
    register: user_req