panos_cert_gen_ssh – generates a self-signed certificate using SSH protocol with SSH key¶
New in version 2.3.
Synopsis¶
NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible
This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.
Requirements¶
The below requirements are needed on the host that executes this module.
paramiko
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
cert_cn
-
/ required
|
Default: null
|
Certificate CN (common name) embedded in the certificate signature.
|
cert_friendly_name
-
/ required
|
Default: null
|
Human friendly certificate name (not CN but just a friendly name).
|
ip_address
-
/ required
|
Default: null
|
IP address (or hostname) of PAN-OS device being configured.
|
key_filename
-
/ required
|
Default: null
|
Location of the filename that is used for the auth. Either key_filename or password is required.
|
password
-
/ required
|
Default: null
|
Password credentials to use for auth. Either key_filename or password is required.
|
rsa_nbits
-
|
Default: "2048"
|
Number of bits used by the RSA algorithm for the certificate generation.
|
signed_by
-
/ required
|
Default: null
|
Undersigning authority (CA) that MUST already be presents on the device.
|
username
-
|
Default: "admin"
|
User name to use for auth. Default is admin.
|
Notes¶
Note
Checkmode is not supported.
Examples¶
# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
panos_cert_gen_ssh:
ip_address: "192.168.1.1"
username: "admin"
password: "paloalto"
cert_cn: "1.1.1.1"
cert_friendly_name: "test123"
signed_by: "root-ca"
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.