paloaltonetworks.panos.panos_cert_gen_ssh module – generates a self-signed certificate using SSH protocol with SSH key
Note
This module is part of the paloaltonetworks.panos collection (version 2.19.1).
To install it, use: ansible-galaxy collection install paloaltonetworks.panos.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: paloaltonetworks.panos.panos_cert_gen_ssh.
New in paloaltonetworks.panos 1.0.0
Synopsis
This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.
Requirements
The below requirements are needed on the host that executes this module.
paramiko
Parameters
Parameter |
Comments |
|---|---|
Certificate CN (common name) embedded in the certificate signature. |
|
Human friendly certificate name (not CN but just a friendly name). |
|
IP address (or hostname) of PAN-OS device being configured. |
|
Location of the filename that is used for the auth. Either key_filename or password is required. |
|
Password credentials to use for auth. Either key_filename or password is required. |
|
Number of bits used by the RSA algorithm for the certificate generation. Default: :ansible-option-default:`"2048"` |
|
Undersigning authority (CA) that MUST already be presents on the device. |
|
User name to use for auth. Default is admin. Default: :ansible-option-default:`"admin"` |
Notes
Note
Checkmode is not supported.
Examples
# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
paloaltonetworks.panos.panos_cert_gen_ssh:
ip_address: "192.168.1.1"
username: "admin"
password: "paloalto"
cert_cn: "1.1.1.1"
cert_friendly_name: "test123"
signed_by: "root-ca"