panos_cert_gen_ssh - generates a self-signed certificate using SSH protocol with SSH key
New in version 2.3.
Synopsis
- This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
- otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.
Requirements (on host that executes module)
- paramiko
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
cert_cn | yes | Certificate CN (common name) embedded in the certificate signature. | ||
cert_friendly_name | yes | Human friendly certificate name (not CN but just a friendly name). | ||
ip_address | yes | IP address (or hostname) of PAN-OS device being configured. | ||
key_filename | yes | Location of the filename that is used for the auth. Either key_filename or password is required. | ||
password | yes | Password credentials to use for auth. Either key_filename or password is required. | ||
rsa_nbits | no | 2048 | Number of bits used by the RSA algorithm for the certificate generation. | |
signed_by | yes | Undersigning authority (CA) that MUST already be presents on the device. |
Examples
# Generates a new self-signed certificate using ssh - name: generate self signed certificate panos_cert_gen_ssh: ip_address: "192.168.1.1" password: "paloalto" cert_cn: "1.1.1.1" cert_friendly_name: "test123" signed_by: "root-ca"
Notes
Note
- Checkmode is not supported.
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/panos_cert_gen_ssh_module.html