panos_cert_gen_ssh – generates a self-signed certificate using SSH protocol with SSH key¶
New in version 2.3.
DEPRECATED¶
- Removed in Ansible
version: 2.12
- Why
Consolidating code base.
- Alternative
Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.
Synopsis¶
This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.
Requirements¶
The below requirements are needed on the host that executes this module.
paramiko
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
cert_cn
-
/ required
|
Certificate CN (common name) embedded in the certificate signature.
|
|
|
cert_friendly_name
-
/ required
|
Human friendly certificate name (not CN but just a friendly name).
|
|
|
ip_address
-
/ required
|
IP address (or hostname) of PAN-OS device being configured.
|
|
|
key_filename
-
/ required
|
Location of the filename that is used for the auth. Either key_filename or password is required.
|
|
|
password
-
/ required
|
Password credentials to use for auth. Either key_filename or password is required.
|
|
|
rsa_nbits
-
|
Default: "2048"
|
Number of bits used by the RSA algorithm for the certificate generation.
|
|
signed_by
-
/ required
|
Undersigning authority (CA) that MUST already be presents on the device.
|
Notes¶
Note
Checkmode is not supported.
Examples¶
# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
panos_cert_gen_ssh:
ip_address: "192.168.1.1"
password: "paloalto"
cert_cn: "1.1.1.1"
cert_friendly_name: "test123"
signed_by: "root-ca"
Status¶
This module will be removed in version 2.12. [deprecated]
For more information see DEPRECATED.