ansible.builtin.panos_cert_gen_ssh (v2.5.6) — module

Generates a self-signed certificate using the SSH protocol with an SSH key

Added in version 2.3 of ansible.builtin

Authors: Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.5.6

Description

This module generates a self-signed certificate that can be used by the GlobalProtect client, SSL connector, or otherwise. The root certificate must be present on the system first. This module depends on paramiko for SSH.


Requirements

Usage examples

# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
  panos_cert_gen_ssh:
    ip_address: "192.168.1.1"
    password: "paloalto"
    cert_cn: "1.1.1.1"
    cert_friendly_name: "test123"
    signed_by: "root-ca"
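
The same request without a credential written into the playbook, as an added example that is not part of the module's own documentation: the first task authenticates with key_filename, the second reads the password from a vaulted variable. It relies on the statement under Inputs that either key_filename or password is sufficient; the host address, key path, certificate names and the variable vault_panos_password are hypothetical.

```yaml
# Added example; addresses, paths and variable names are constructed.
- name: Generate PAN-OS certificates without inline credentials
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    panos_host: "192.0.2.10"                          # constructed (TEST-NET-1)
    panos_ssh_key: "/home/ansible/.ssh/panos_admin"   # hypothetical key path

  tasks:
    - name: Generate certificate, authenticating with an SSH key file
      panos_cert_gen_ssh:
        ip_address: "{{ panos_host }}"
        key_filename: "{{ panos_ssh_key }}"
        cert_cn: "gp.example.com"
        cert_friendly_name: "gp-portal-cert"
        signed_by: "root-ca"        # CA must already be present on the device
        rsa_nbits: "2048"           # module default, stated explicitly

    - name: Generate certificate, password supplied from Ansible Vault
      panos_cert_gen_ssh:
        ip_address: "{{ panos_host }}"
        password: "{{ vault_panos_password }}"   # hypothetical vaulted variable
        cert_cn: "vpn.example.com"
        cert_friendly_name: "vpn-cert"
        signed_by: "root-ca"
      no_log: true                  # keep the credential out of task output
```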

Inputs

    
cert_cn:
    default: null
    description:
    - Certificate CN (common name) embedded in the certificate signature.
    required: true

password:
    default: null
    description:
    - Password credentials to use for auth. Either I(key_filename) or I(password) is required.
    required: true

rsa_nbits:
    default: '2048'
    description:
    - Number of bits used by the RSA algorithm for the certificate generation.
    required: false

signed_by:
    default: null
    description:
    - Undersigning authority (CA) that MUST already be present on the device.
    required: true

ip_address:
    default: null
    description:
    - IP address (or hostname) of PAN-OS device being configured.
    required: true

key_filename:
    default: null
    description:
    - Path to the key file used for authentication. Either I(key_filename) or I(password)
      is required.
    required: true

cert_friendly_name:
    default: null
    description:
    - Human friendly certificate name (not CN but just a friendly name).
    required: true