panos_cert_gen_ssh – generates a self-signed certificate using SSH protocol with SSH key¶
New in version 2.3.
Synopsis¶
This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
cert_cn
-
/ required
|
Default: None
|
Certificate CN (common name) embedded in the certificate signature.
|
cert_friendly_name
-
/ required
|
Default: None
|
Human friendly certificate name (not CN but just a friendly name).
|
ip_address
-
/ required
|
Default: None
|
IP address (or hostname) of PAN-OS device being configured.
|
key_filename
-
/ required
|
Default: None
|
Location of the filename that is used for the auth. Either key_filename or password is required.
|
password
-
/ required
|
Default: None
|
Password credentials to use for auth. Either key_filename or password is required.
|
rsa_nbits
-
|
Default: 2048
|
Number of bits used by the RSA algorithm for the certificate generation.
|
signed_by
-
/ required
|
Default: None
|
Undersigning authority (CA) that MUST already be presents on the device.
|
username
-
|
Default: admin
|
User name to use for auth. Default is admin.
|
Examples¶
# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
panos_cert_gen_ssh:
ip_address: "192.168.1.1"
username: "admin"
password: "paloalto"
cert_cn: "1.1.1.1"
cert_friendly_name: "test123"
signed_by: "root-ca"
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.
Authors¶
Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)