From ae40cb45827cb1c3590651a6771c12ee72343c63 Mon Sep 17 00:00:00 2001
From: Christos Pollalis
Date: Sat, 11 Apr 2020 18:26:13 +0300
Subject: [PATCH] Split "Copy CA, SSL key and cert for authd" task of the wazuh-agent playbook to allow one to perform either manager or agent verification, or both.
---
 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index a84e4020..7fa0cc03 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -50,17 +50,25 @@
 - name: Retrieving authd Credentials
 include_vars: authd_pass.yml
- - name: Copy CA, SSL key and cert for authd
+ - name: Copy CA root certificate to verify authd
+ copy:
+ src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
+ dest: "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+ mode: 0644
+ when:
+ - wazuh_agent_authd.ssl_agent_ca is not none
+
+ - name: Copy TLS/SSL certificate for agent verification
 copy:
 src: "{{ item }}"
 dest: "/var/ossec/etc/{{ item | basename }}"
 mode: 0644
 with_items:
- - "{{ wazuh_agent_authd.ssl_agent_ca }}"
 - "{{ wazuh_agent_authd.ssl_agent_cert }}"
 - "{{ wazuh_agent_authd.ssl_agent_key }}"
 when:
- - wazuh_agent_authd.ssl_agent_ca is not none
+ - wazuh_agent_authd.ssl_agent_cert is not none
+ - wazuh_agent_authd.ssl_agent_key is not none
 - name: Linux | Register agent (via authd)
 shell: >
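Review bot: The agent's private key is written world-readable: in "Copy TLS/SSL certificate for agent verification" the single `mode: 0644` applies to both loop items, so the file named by `ssl_agent_key` lands in /var/ossec/etc readable by every local account. The commit narrows this task to the certificate and key but keeps that mode; giving each item its own mode (or moving the key into its own task) lets the certificate stay 0644 while the key is restricted. The fence uses 0600, which assumes the enrollment command runs as the file's owner; if it runs under a different account, set `owner`/`group` explicitly and use 0640 instead. Quoting the modes also stops the value depending on how the YAML parser reads a leading-zero integer.

```yaml
- name: Copy TLS/SSL certificate for agent verification
  copy:
    src: "{{ item.src }}"
    dest: "/var/ossec/etc/{{ item.src | basename }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: "{{ wazuh_agent_authd.ssl_agent_cert }}"
      mode: "0644"
    - src: "{{ wazuh_agent_authd.ssl_agent_key }}"
      mode: "0600"
  # … unchanged: when conditions on ssl_agent_cert and ssl_agent_key …
```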