fortinet.fortios.fortios_certificate_local (2.3.6) — module

Local keys and certificates in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install with:

```
ansible-galaxy collection install fortinet.fortios:==2.3.6
```

```yaml
collections:
  - name: fortinet.fortios
    version: 2.3.6
```

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the certificate feature and local category. The examples include all parameters; values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.

```yaml
- name: Local keys and certificates.
  fortinet.fortios.fortios_certificate_local:
    vdom: "{{ vdom }}"
    state: "present"
    access_token: "<your_own_value>"
    certificate_local:
      acme_ca_url: "<your_own_value>"
      acme_domain: "<your_own_value>"
      acme_email: "<your_own_value>"
      acme_renew_window: "30"
      acme_rsa_key_size: "2048"
      auto_regenerate_days: "0"
      auto_regenerate_days_warning: "0"
      ca_identifier: "myId_10"
      certificate: "<your_own_value>"
      cmp_path: "<your_own_value>"
      cmp_regeneration_method: "keyupate"
      cmp_server: "<your_own_value>"
      cmp_server_cert: "<your_own_value> (source certificate.ca.name certificate.remote.name)"
      comments: "<your_own_value>"
      csr: "<your_own_value>"
      enroll_protocol: "none"
      est_ca_id: "<your_own_value>"
      est_client_cert: "<your_own_value> (source certificate.local.name)"
      est_http_password: "<your_own_value>"
      est_http_username: "<your_own_value>"
      est_server: "<your_own_value>"
      est_server_cert: "<your_own_value> (source certificate.ca.name certificate.remote.name)"
      est_srp_password: "<your_own_value>"
      est_srp_username: "<your_own_value>"
      ike_localid: "<your_own_value>"
      ike_localid_type: "asn1dn"
      last_updated: "2147483647"
      name: "default_name_30"
      name_encoding: "printable"
      password: "<your_own_value>"
      private_key: "<your_own_value>"
      private_key_retain: "enable"
      range: "global"
      scep_password: "<your_own_value>"
      scep_url: "<your_own_value>"
      source: "factory"
      source_ip: "84.230.14.43"
      state: "<your_own_value>"
```

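
A narrower variant of the task above, added here as an example and not part of the module's own documentation: it imports a user certificate while keeping the API token, private key and key password out of the playbook and out of task output. The host group, the `vault_*` variable names, the file paths and the certificate name are hypothetical; only module parameters documented on this page are used.

```yaml
# Added example, not from the module documentation.
# Hypothetical: host group "fortigates", vault_* variables, file paths, cert name.
- name: Import a user certificate without exposing key material
  hosts: fortigates
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  vars_files:
    # Encrypted with ansible-vault; defines the vault_* variables used below.
    - vault/fortigate.yml
  tasks:
    - name: Upload certificate and password-protected private key
      fortinet.fortios.fortios_certificate_local:
        vdom: root
        state: present
        # Token generated in the FortiGate GUI, stored only in the vault file.
        access_token: "{{ vault_fortigate_access_token }}"
        certificate_local:
          name: "vpn-gw-example"
          source: user
          range: global
          comments: "Managed by Ansible"
          # The certificate is public, so it can live in the repository.
          certificate: "{{ lookup('ansible.builtin.file', 'files/vpn-gw-example.crt') }}"
          # PEM key encrypted with a password, and that password, come from the vault.
          private_key: "{{ vault_vpn_gw_private_key }}"
          password: "{{ vault_vpn_gw_key_password }}"
      # Keep the token, key and password out of task output and callback logs.
      no_log: true
```

The same pattern applies to the other secret-bearing parameters listed below (`scep_password`, `est_http_password`, `est_srp_password`).
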
```yaml
vdom:
  default: root
  description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices:
    - present
    - absent
  description:
    - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
    - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
    - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
    - present
    - absent
  description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
  type: str
certificate_local:
  default: null
  description:
    - Local keys and certificates.
  suboptions:
    acme_ca_url:
      description:
        - The URL for the ACME CA server (Let's Encrypt is the ).
      type: str
    acme_domain:
      description:
        - A valid domain that resolves to this FortiGate unit.
      type: str
    acme_email:
      description:
        - Contact email address that is required by some CAs like LetsEncrypt.
      type: str
    acme_renew_window:
      description:
        - Beginning of the renewal window (in days before certificate expiration, 30 by default).
      type: int
    acme_rsa_key_size:
      description:
        - Length of the RSA private key of the generated cert (Minimum 2048 bits).
      type: int
    auto_regenerate_days:
      description:
        - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
      type: int
    auto_regenerate_days_warning:
      description:
        - Number of days to wait before an expiry warning message is generated (0 = disabled).
      type: int
    ca_identifier:
      description:
        - CA identifier of the CA server for signing via SCEP.
      type: str
    certificate:
      description:
        - PEM format certificate.
      type: str
    cmp_path:
      description:
        - Path location inside CMP server.
      type: str
    cmp_regeneration_method:
      choices:
        - keyupate
        - renewal
      description:
        - CMP auto-regeneration method.
      type: str
    cmp_server:
      description:
        - Address and port for CMP server (format = address:port).
      type: str
    cmp_server_cert:
      description:
        - CMP server certificate. Source certificate.ca.name certificate.remote.name.
      type: str
    comments:
      description:
        - Comment.
      type: str
    csr:
      description:
        - Certificate Signing Request.
      type: str
    enroll_protocol:
      choices:
        - none
        - scep
        - cmpv2
        - acme2
        - est
      description:
        - Certificate enrollment protocol.
      type: str
    est_ca_id:
      description:
        - CA identifier of the CA server for signing via EST.
      type: str
    est_client_cert:
      description:
        - Certificate used to authenticate this FortiGate to EST server. Source certificate.local.name.
      type: str
    est_http_password:
      description:
        - HTTP Authentication password for signing via EST.
      type: str
    est_http_username:
      description:
        - HTTP Authentication username for signing via EST.
      type: str
    est_server:
      description:
        - Address and port for EST server (e.g. https://example.com:1234).
      type: str
    est_server_cert:
      description:
        - EST server's certificate must be verifiable by this certificate to be authenticated. Source certificate.ca.name certificate.remote.name.
      type: str
    est_srp_password:
      description:
        - EST SRP authentication password.
      type: str
    est_srp_username:
      description:
        - EST SRP authentication username.
      type: str
    ike_localid:
      description:
        - Local ID the FortiGate uses for authentication as a VPN client.
      type: str
    ike_localid_type:
      choices:
        - asn1dn
        - fqdn
      description:
        - IKE local ID type.
      type: str
    last_updated:
      description:
        - Time at which certificate was last updated.
      type: int
    name:
      description:
        - Name.
      required: true
      type: str
    name_encoding:
      choices:
        - printable
        - utf8
      description:
        - Name encoding method for auto-regeneration.
      type: str
    password:
      description:
        - Password as a PEM file.
      type: str
    private_key:
      description:
        - PEM format key encrypted with a password.
      type: str
    private_key_retain:
      choices:
        - enable
        - disable
      description:
        - Enable/disable retention of private key during SCEP renewal.
      type: str
    range:
      choices:
        - global
        - vdom
      description:
        - Either a global or VDOM IP address range for the certificate.
      type: str
    scep_password:
      description:
        - SCEP server challenge password for auto-regeneration.
      type: str
    scep_url:
      description:
        - SCEP server URL.
      type: str
    source:
      choices:
        - factory
        - user
        - bundle
      description:
        - Certificate source type.
      type: str
    source_ip:
      description:
        - Source IP address for communications to the SCEP server.
      type: str
    state:
      description:
        - Certificate Signing Request State.
      type: str
  type: dict
```

```yaml
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str
```