panos_cert_gen_ssh - generates a self-signed certificate using SSH protocol with SSH key

New in version 2.3.

Synopsis

  • This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
  • otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.

Requirements (on host that executes module)

  • paramiko

Options

parameter required default choices comments
cert_cn
yes
Certificate CN (common name) embedded in the certificate signature.
cert_friendly_name
yes
Human friendly certificate name (not CN but just a friendly name).
ip_address
yes
IP address (or hostname) of PAN-OS device being configured.
key_filename
yes
Location of the filename that is used for the auth. Either key_filename or password is required.
password
yes
Password credentials to use for auth. Either key_filename or password is required.
rsa_nbits
no 2048
Number of bits used by the RSA algorithm for the certificate generation.
signed_by
yes
Undersigning authority (CA) that MUST already be presents on the device.

Examples

# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
  panos_cert_gen_ssh:
    ip_address: "192.168.1.1"
    password: "paloalto"
    cert_cn: "1.1.1.1"
    cert_friendly_name: "test123"
    signed_by: "root-ca"

Notes

Note

  • Checkmode is not supported.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/panos_cert_gen_ssh_module.html