Try SpotterLocal keys and certificates in Fortinet's FortiOS and FortiGate.
| "added in version" 2.9 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==1.1.7
collections:
- name: fortinet.fortios
version: 1.1.7This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.4.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Local keys and certificates.
fortios_certificate_local:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
certificate_local:
auto_regenerate_days: "3"
auto_regenerate_days_warning: "4"
ca_identifier: "myId_5"
certificate: "<your_own_value>"
cmp_path: "<your_own_value>"
cmp_regeneration_method: "keyupate"
cmp_server: "<your_own_value>"
cmp_server_cert: "<your_own_value> (source certificate.ca.name)"
comments: "<your_own_value>"
csr: "<your_own_value>"
enroll_protocol: "none"
ike_localid: "<your_own_value>"
ike_localid_type: "asn1dn"
name: "default_name_16"
name_encoding: "printable"
password: "<your_own_value>"
private_key: "<your_own_value>"
range: "global"
scep_password: "<your_own_value>"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
state: "<your_own_value>"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
certificate_local:
default: null
description:
- Local keys and certificates.
suboptions:
auto_regenerate_days:
description:
- Number of days to wait before expiry of an updated local certificate is requested
(0 = disabled).
type: int
auto_regenerate_days_warning:
description:
- Number of days to wait before an expiry warning message is generated (0 = disabled).
type: int
ca_identifier:
description:
- CA identifier of the CA server for signing via SCEP.
type: str
certificate:
description:
- PEM format certificate.
type: str
cmp_path:
description:
- Path location inside CMP server.
type: str
cmp_regeneration_method:
choices:
- keyupate
- renewal
description:
- CMP auto-regeneration method.
type: str
cmp_server:
description:
- '"ADDRESS:PORT" for CMP server.'
type: str
cmp_server_cert:
description:
- CMP server certificate. Source certificate.ca.name.
type: str
comments:
description:
- Comment.
type: str
csr:
description:
- Certificate Signing Request.
type: str
enroll_protocol:
choices:
- none
- scep
- cmpv2
description:
- Certificate enrollment protocol.
type: str
ike_localid:
description:
- Local ID the FortiGate uses for authentication as a VPN client.
type: str
ike_localid_type:
choices:
- asn1dn
- fqdn
description:
- IKE local ID type.
type: str
name:
description:
- Name.
required: true
type: str
name_encoding:
choices:
- printable
- utf8
description:
- Name encoding method for auto-regeneration.
type: str
password:
description:
- Password as a PEM file.
type: str
private_key:
description:
- PEM format key, encrypted with a password.
type: str
range:
choices:
- global
- vdom
description:
- Either a global or VDOM IP address range for the certificate.
type: str
scep_password:
description:
- SCEP server challenge password for auto-regeneration.
type: str
scep_url:
description:
- SCEP server URL.
type: str
source:
choices:
- factory
- user
- bundle
description:
- Certificate source type.
type: str
source_ip:
description:
- Source IP address for communications to the SCEP server.
type: str
state:
description:
- Certificate Signing Request State.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str