fortinet / fortinet.fortios / 1.1.7 / module / fortios_certificate_local Local keys and certificates in Fortinet's FortiOS and FortiGate. | "added in version" 2.9 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_certificate_local (1.1.7) — module
Install with ansible-galaxy collection install fortinet.fortios:==1.1.7
collections: - name: fortinet.fortios version: 1.1.7
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.4.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Local keys and certificates. fortios_certificate_local: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" certificate_local: auto_regenerate_days: "3" auto_regenerate_days_warning: "4" ca_identifier: "myId_5" certificate: "<your_own_value>" cmp_path: "<your_own_value>" cmp_regeneration_method: "keyupate" cmp_server: "<your_own_value>" cmp_server_cert: "<your_own_value> (source certificate.ca.name)" comments: "<your_own_value>" csr: "<your_own_value>" enroll_protocol: "none" ike_localid: "<your_own_value>" ike_localid_type: "asn1dn" name: "default_name_16" name_encoding: "printable" password: "<your_own_value>" private_key: "<your_own_value>" range: "global" scep_password: "<your_own_value>" scep_url: "<your_own_value>" source: "factory" source_ip: "84.230.14.43" state: "<your_own_value>"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str certificate_local: default: null description: - Local keys and certificates. suboptions: auto_regenerate_days: description: - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). type: int auto_regenerate_days_warning: description: - Number of days to wait before an expiry warning message is generated (0 = disabled). type: int ca_identifier: description: - CA identifier of the CA server for signing via SCEP. type: str certificate: description: - PEM format certificate. type: str cmp_path: description: - Path location inside CMP server. type: str cmp_regeneration_method: choices: - keyupate - renewal description: - CMP auto-regeneration method. type: str cmp_server: description: - '"ADDRESS:PORT" for CMP server.' type: str cmp_server_cert: description: - CMP server certificate. Source certificate.ca.name. type: str comments: description: - Comment. type: str csr: description: - Certificate Signing Request. type: str enroll_protocol: choices: - none - scep - cmpv2 description: - Certificate enrollment protocol. type: str ike_localid: description: - Local ID the FortiGate uses for authentication as a VPN client. type: str ike_localid_type: choices: - asn1dn - fqdn description: - IKE local ID type. type: str name: description: - Name. required: true type: str name_encoding: choices: - printable - utf8 description: - Name encoding method for auto-regeneration. type: str password: description: - Password as a PEM file. type: str private_key: description: - PEM format key, encrypted with a password. type: str range: choices: - global - vdom description: - Either a global or VDOM IP address range for the certificate. type: str scep_password: description: - SCEP server challenge password for auto-regeneration. type: str scep_url: description: - SCEP server URL. type: str source: choices: - factory - user - bundle description: - Certificate source type. type: str source_ip: description: - Source IP address for communications to the SCEP server. type: str state: description: - Certificate Signing Request State. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str