radware.radware_modules.alteon_config_ssl_server_auth_policy (0.6.12) — module

Manage SSL server Authentication Policy in Radware Alteon

Added in version 2.9 of radware.radware_modules

Authors: Leon Meguira (@leonmeguira), Nati Fridman (@natifridman)

stableinterface | supported by certified

Install collection

Install with ansible-galaxy collection install radware.radware_modules:==0.6.12


Add to requirements.yml

  collections:
    - name: radware.radware_modules
      version: 0.6.12

Description

SSL client authentication enables a server to confirm a client's identity as part of the SSL handshake.

Similarly, SSL server authentication enables a client (here, Alteon acting as the client towards a back-end server) to confirm the identity of the server.

Authenticating a client or server means validating its certificate: that it chains to a trusted CA, has not expired, has not been revoked, and, for a server, that its name matches the expected host name.

If the certificate is valid, the handshake completes; otherwise the session is terminated. Note that the policy's server_*_action parameters decide which failures actually reject the session: with the module defaults only a certificate from an untrusted issuer is rejected, while expired certificates and host-name mismatches are ignored and revocation is not checked.

The same Authentication Policy can be associated with multiple SSL Policies.


Requirements

Usage examples

- name: alteon configuration command
  radware.radware_modules.alteon_config_ssl_server_auth_policy:
    provider:
      server: 192.168.1.1
      user: admin
      password: admin              # example value; keep real credentials in ansible-vault
      validate_certs: no           # disables TLS verification of the management connection
      https_port: 443
      ssh_port: 22
      timeout: 5
    state: present
    parameters:
      index: ssl_server_auth_pol
      description: test_auth_policy
      state: enabled
      cert_validation_method: ocsp                   # check revocation via OCSP (default: none)
      ocsp_validation_static_uri: http://uri.ocsp.com
      ocsp_response_secure: enabled                  # nonce in the OCSP request, prevents replayed responses
      trusted_ca_chain_name: ca_group_1
      trusted_ca_chain_type: group
      server_host_mismatch_action: reject            # default is ignore

Inputs

    
state:
    choices:
    - present
    - absent
    - read
    - overwrite
    - append
    default: null
    description:
    - When C(present), guarantees that the object exists with the provided attributes.
    - When C(absent), removes the object if it exists.
    - When C(read), reads the existing object from the configuration into parameter format (returned as C(obj)).
    - When C(overwrite), removes the object if it exists and then recreates it.
    - When C(append), appends the provided parameters to the existing object configuration.
    required: true

provider:
    description:
    - Radware Alteon connection details.
    required: true
    suboptions:
      https_port:
        default: null
        description:
        - Radware Alteon https port.
        required: true
      password:
        default: null
        description:
        - Radware Alteon password.
        required: true
      server:
        default: null
        description:
        - Radware Alteon IP address.
        required: true
      ssh_port:
        default: null
        description:
        - Radware Alteon ssh port.
        required: true
      timeout:
        default: null
        description:
        - Timeout for connection.
        required: true
      user:
        default: null
        description:
        - Radware Alteon username.
        required: true
      validate_certs:
        default: null
        description:
        - If C(no), the Alteon management TLS certificate will not be validated.
        - Set this to C(no) only for devices you control that still use self-signed
          certificates; disabling validation exposes the management session (and the credentials in it) to interception.
        required: true
        type: bool

parameters:
    description:
    - Parameters for SSL server Authentication Policy configuration.
    suboptions:
      ca_chain_lookup_depth:
        default: 2
        description:
        - Specifies the maximum number of certificates to be traversed in a certificate
          chain while attempting to validate the link between the certificate and the
          configured trusted CA.
        required: false
        type: int
      cert_validation_method:
        choices:
        - none
        - ocsp
        default: none
        description:
        - Specifies the method for validating whether a certificate, that was already
          validated as issued by a trusted entity, has not been revoked.
        required: false
      description:
        default: null
        description:
        - An optional descriptive name of the policy in addition to the policy ID.
        required: false
        type: str
      index:
        default: null
        description:
        - The authentication policy name (key id) as an index.
        required: true
        type: str
      ocsp_cert_chain_validation:
        choices:
        - enabled
        - disabled
        default: disabled
        description:
        - Specifies whether to enable validation of every certificate in the certificate
          chain, or only of the authenticated element (client/server) certificate.
        required: false
      ocsp_response_cache_time_second:
        default: null
        description:
        - Specifies the length of time for which the OCSP response is cached, in seconds.
        required: false
        type: int
      ocsp_response_deviation_time_second:
        default: 75
        description:
        - Allows to overlook small deviations, in seconds, between Alteon and OCSP server
          timestamps when performing OCSP signature verification.
        required: false
        type: int
      ocsp_response_secure:
        choices:
        - enabled
        - disabled
        default: enabled
        description:
        - Specifies whether to verify that the certificate status information received
          from the OCSP responder is up-to-date by sending a random nonce (a random
          sequence of 20 bytes) in the OCSP request. The OCSP responder must use its
          secret key to sign the response containing this nonce.
        required: false
      ocsp_uri_priority:
        choices:
        - clientcert
        - staticuri
        default: clientcert
        description:
        - The OCSP access point can be configured (static URI) or can be provided in the
          certificate (in the Authority Information Access extension).
        - The OCSP URI priority defines which location is tried first: the URI carried in
          the certificate (C(clientcert)) or the configured static URI (C(staticuri)).
        required: false
      ocsp_validation_static_uri:
        default: null
        description:
        - Specifies the static URI for OCSP validation requests.
        required: false
        type: str
      server_expired_cert_action:
        choices:
        - ignore
        - reject
        default: ignore
        description:
        - Specifies the action performed on receiving an expired certificate from the
          server.
        required: false
      server_host_mismatch_action:
        choices:
        - ignore
        - reject
        default: ignore
        description:
        - Specifies the action performed when a host mismatch is detected between the
          certificate Common Name and SNI value.
        required: false
      server_untrusted_cert_action:
        choices:
        - ignore
        - reject
        default: reject
        description:
        - Specifies the action performed on receiving a server certificate signed by an
          untrusted issuer.
        required: false
      state:
        choices:
        - enabled
        - disabled
        default: null
        description:
        - Specifies whether to enable/disable the authentication policy.
        required: false
      trusted_ca_chain_name:
        default: null
        description:
        - Name of the Certificate Authority (CA) certificate or certificate group whose
          certificates are trusted as issuers of regular (client/server) certificates.
          Whether the name refers to a single certificate or a group is set by C(trusted_ca_chain_type).
        required: false
        type: str
      trusted_ca_chain_type:
        choices:
        - group
        - cert
        default: null
        description:
        - Specifies whether C(trusted_ca_chain_name) refers to a single trusted CA
          certificate (C(cert)) or to a group of CA certificates (C(group)).
        required: false

revert_on_error:
    default: false
    description:
    - If an error occurs, revert the Alteon configuration.
    required: false
    type: bool

write_on_change:
    default: false
    description:
    - Execute the Alteon write call only when the module evaluated an actual change.
    required: false
    type: bool

Outputs

obj:
  description: The object read from (or written to) the device, in the same format as the C(parameters) option.
  returned: changed, read
  type: dictionary
status:
  description: Message detailing run result
  returned: success
  sample: object deployed successfully
  type: str
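The following playbook is an added example, not code from the Radware project or this module's documentation. It builds a hardened server-authentication policy, annotating each setting with the weaker default it replaces, then reads the policy back with state: read and asserts on the result. Assumed (not from the page): the inventory host alteon1, the vaulted variable alteon_admin_password, a certificate group internal_ca_group already loaded on the device, the OCSP responder URL, that a trusted management certificate is installed (so validate_certs can stay on), and that the obj returned by state: read uses the same keys as the parameters option.

```yaml
# Added example playbook (not from radware.radware_modules).
# Assumptions: host alteon1, vaulted var alteon_admin_password, CA group
# internal_ca_group present on the device, OCSP URL, and that `obj`
# returned by state: read mirrors the `parameters` keys.
- name: Configure and verify a hardened SSL server authentication policy
  hosts: alteon1
  connection: local
  gather_facts: false
  vars:
    alteon_provider:
      server: "{{ ansible_host }}"
      user: admin
      password: "{{ alteon_admin_password }}"   # from ansible-vault, never a literal in the play
      validate_certs: true    # keep verification of the management TLS session on
      https_port: 443
      ssh_port: 22
      timeout: 10
    policy_name: backend_auth_strict
  tasks:
    - name: Create the policy (each setting notes the weaker default it replaces)
      radware.radware_modules.alteon_config_ssl_server_auth_policy:
        provider: "{{ alteon_provider }}"
        state: present
        revert_on_error: true       # roll back the device config if the call fails
        write_on_change: true       # write only when something actually changed
        parameters:
          index: "{{ policy_name }}"
          description: "Strict validation of back-end server certificates"
          state: enabled
          trusted_ca_chain_name: internal_ca_group
          trusted_ca_chain_type: group
          ca_chain_lookup_depth: 3              # default 2; raise only if the PKI really has an intermediate tier that deep
          server_untrusted_cert_action: reject  # default reject (the only failure rejected by default)
          server_expired_cert_action: reject    # default ignore: expired server certs would be accepted
          server_host_mismatch_action: reject   # default ignore: CN/SNI mismatch would be accepted
          cert_validation_method: ocsp          # default none: no revocation check at all
          ocsp_uri_priority: staticuri          # default clientcert: trust the AIA URL in the presented cert first
          ocsp_validation_static_uri: http://ocsp.internal.example/   # assumed responder
          ocsp_response_secure: enabled         # default enabled; nonce defeats replayed OCSP responses
          ocsp_cert_chain_validation: enabled   # default disabled: only the leaf would be checked for revocation
          ocsp_response_cache_time_second: 3600 # bound how long a "good" answer is reused
          ocsp_response_deviation_time_second: 75
      register: create_result

    - name: Read the policy back from the running configuration
      radware.radware_modules.alteon_config_ssl_server_auth_policy:
        provider: "{{ alteon_provider }}"
        state: read
        parameters:
          index: "{{ policy_name }}"
      register: auth_pol

    - name: Fail the play if any of the strict settings did not land on the device
      ansible.builtin.assert:
        that:
          - auth_pol.obj.state == 'enabled'
          - auth_pol.obj.cert_validation_method == 'ocsp'
          - auth_pol.obj.ocsp_response_secure == 'enabled'
          - auth_pol.obj.ocsp_cert_chain_validation == 'enabled'
          - auth_pol.obj.server_untrusted_cert_action == 'reject'
          - auth_pol.obj.server_expired_cert_action == 'reject'
          - auth_pol.obj.server_host_mismatch_action == 'reject'
          - auth_pol.obj.trusted_ca_chain_name == 'internal_ca_group'
        fail_msg: "Policy {{ policy_name }} on {{ inventory_hostname }} is weaker than intended: {{ auth_pol.obj }}"
        success_msg: "Policy {{ policy_name }} verified ({{ create_result.status }})"
```

The read-back step is the point of the playbook: state: present reports success when the call was accepted, while the assert proves the policy that is actually in effect rejects untrusted, expired and mis-named server certificates and checks revocation. Choosing staticuri over the default clientcert keeps the responder choice under your control rather than the presented certificate's, which matters precisely when that certificate may be hostile.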