Deprecated

Removed in 2.12

Reason: Consolidating code base. | Alternative: Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

community.general.panos_cert_gen_ssh (0.1.1) — module

generates a self-signed certificate using SSH protocol with SSH key

Authors: Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)

deprecated | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

This module generates a self-signed certificate that can be used by the GlobalProtect client, SSL connector, or otherwise. The root certificate must be present on the system first. This module depends on paramiko for SSH.


Requirements

Usage examples

# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
  panos_cert_gen_ssh:
    ip_address: "192.168.1.1"
    password: "paloalto"
    cert_cn: "1.1.1.1"
    cert_friendly_name: "test123"
    signed_by: "root-ca"

Inputs

    
cert_cn:
    description:
    - Certificate CN (common name) embedded in the certificate signature.
    required: true

password:
    description:
    - Password credentials to use for auth. Either I(key_filename) or I(password) is required.
    required: true

rsa_nbits:
    default: '2048'
    description:
    - Number of bits used by the RSA algorithm for the certificate generation.

signed_by:
    description:
    - Undersigning authority (CA) that MUST already be present on the device.
    required: true

ip_address:
    description:
    - IP address (or hostname) of PAN-OS device being configured.
    required: true

key_filename:
    description:
    - Location of the filename that is used for the auth. Either I(key_filename) or I(password)
      is required.
    required: true

cert_friendly_name:
    description:
    - Human friendly certificate name (not CN but just a friendly name).
    required: true
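
The usage example above keeps the device password in plaintext in the task. The playbook below is an added example, not part of the module's own documentation: it makes the same call with key-based SSH authentication, or with a password read from an Ansible Vault file and hidden from task output. It assumes, per the parameter descriptions, that only one of key_filename or password has to be supplied; the key path, the vault file and the variable names are hypothetical.

```yaml
# Added example (not from the module documentation).
# Names marked "hypothetical" are assumptions made for illustration.
- name: Generate a PAN-OS certificate without plaintext credentials
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault.yml                      # hypothetical file, encrypted with ansible-vault
  vars:
    panos_host: "192.168.1.1"        # sample address from the usage example above
    panos_ssh_key: "/home/ansible/.ssh/panos_admin_key"   # hypothetical key path
    use_password_auth: false         # hypothetical switch between the two tasks

  tasks:
    # Preferred: key-based SSH authentication, no secret in the playbook.
    - name: Generate certificate (SSH key auth)
      community.general.panos_cert_gen_ssh:
        ip_address: "{{ panos_host }}"
        key_filename: "{{ panos_ssh_key }}"
        cert_cn: "1.1.1.1"
        cert_friendly_name: "test123"
        signed_by: "root-ca"         # CA must already be present on the device
        rsa_nbits: "2048"            # documented default, stated explicitly
      when: not use_password_auth

    # Fallback: password auth, with the secret kept in the vault file
    # and suppressed from logs and verbose output.
    - name: Generate certificate (vaulted password)
      community.general.panos_cert_gen_ssh:
        ip_address: "{{ panos_host }}"
        password: "{{ vault_panos_password }}"   # hypothetical vaulted variable
        cert_cn: "1.1.1.1"
        cert_friendly_name: "test123"
        signed_by: "root-ca"
      no_log: true
      when: use_password_auth
```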