---

- name: get root CA certificate
  command: >
    curl -k -X GET -H "Content-Type:application/json" \
      "https://{{ step_bootstrap_ca_url }}:{{ step_ca_port }}/root/{{ step_bootstrap_fingerprint }}"
  register: root_ca_fp

- name: copy to os certificates
  template:
    src: "../templates/crt.j2"
    dest: "/usr/local/share/ca-certificates/{{ step_bootstrap_ca_url }}.crt"

- name: update trusted certs
  command: "update-ca-certificates"