cisco.ise.trusted_certificate module – Resource module for Trusted Certificate
Note
This module is part of the cisco.ise collection (version 1.2.1).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.ise.
To use it in a playbook, specify: cisco.ise.trusted_certificate.
New in version 1.0.0: of cisco.ise
Synopsis
Manage operations update and delete of the resource Trusted Certificate.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ciscoisesdk >= 1.1.0
python >= 3.5
Parameters
Parameter |
Comments |
|---|---|
Switch to enable/disable CRL Verification if CRL is not Received. Choices:
|
|
Switch to enable/disable automatic CRL update. Choices:
|
|
Automatic CRL update period. |
|
Unit of time for automatic CRL update. |
|
CRL Distribution URL. |
|
If CRL download fails, wait time before retry. |
|
Unit of time before retry if CRL download fails. |
|
Description for trust certificate. |
|
Switch to enable/disable download of CRL. Choices:
|
|
Switch to enable/disable OCSP Validation. Choices:
|
|
Switch to enable/disable verification if HTTPS or LDAP server certificate name fits the configured server URL. Choices:
|
|
Id path parameter. The ID of the Trusted Certificate to be deleted. |
|
Switch to enable/disable ignore CRL Expiration. Choices:
|
|
Flag for Identity Services Engine SDK to enable debugging. Choices:
|
|
The Identity Services Engine hostname. |
|
The Identity Services Engine password to authenticate. |
|
The Identity Services Engine username to authenticate. |
|
Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices:
|
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Informs the SDK which version of Identity Services Engine to use. Default: “3.1.0” |
|
Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices:
|
|
Friendly name of the certificate. |
|
Non automatic CRL update period. |
|
Unit of time of non automatic CRL update. |
|
Switch to reject certificate if there is no status from OCSP. Choices:
|
|
Switch to reject certificate if unreachable from OCSP. Choices:
|
|
Name of selected OCSP Service. |
|
Trusted Certificate’s status. |
|
Trust for Certificate based Admin authentication. Choices:
|
|
Trust for authentication of Cisco Services. Choices:
|
|
Trust for client authentication and Syslog. Choices:
|
|
Trust for authentication within ISE. Choices:
|
See Also
See also
- Trusted Certificate reference
Complete reference of the Trusted Certificate object model.
Examples
- name: Update by id
cisco.ise.trusted_certificate:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
authenticateBeforeCRLReceived: true
automaticCRLUpdate: true
automaticCRLUpdatePeriod: 0
automaticCRLUpdateUnits: string
crlDistributionUrl: string
crlDownloadFailureRetries: 0
crlDownloadFailureRetriesUnits: string
description: string
downloadCRL: true
enableOCSPValidation: true
enableServerIdentityCheck: true
id: string
ignoreCRLExpiration: true
name: string
nonAutomaticCRLUpdatePeriod: 0
nonAutomaticCRLUpdateUnits: string
rejectIfNoStatusFromOCSP: true
rejectIfUnreachableFromOCSP: true
selectedOCSPService: string
status: string
trustForCertificateBasedAdminAuth: true
trustForCiscoServicesAuth: true
trustForClientAuth: true
trustForIseAuth: true
- name: Delete by id
cisco.ise.trusted_certificate:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: “{\n \”authenticateBeforeCRLReceived\”: \”string\”,\n \”automaticCRLUpdate\”: \”string\”,\n \”automaticCRLUpdatePeriod\”: \”string\”,\n \”automaticCRLUpdateUnits\”: \”string\”,\n \”crlDistributionUrl\”: \”string\”,\n \”crlDownloadFailureRetries\”: \”string\”,\n \”crlDownloadFailureRetriesUnits\”: \”string\”,\n \”description\”: \”string\”,\n \”downloadCRL\”: \”string\”,\n \”enableOCSPValidation\”: \”string\”,\n \”enableServerIdentityCheck\”: \”string\”,\n \”expirationDate\”: \”string\”,\n \”friendlyName\”: \”string\”,\n \”id\”: \”string\”,\n \”ignoreCRLExpiration\”: \”string\”,\n \”internalCA\”: true,\n \”isReferredInPolicy\”: true,\n \”issuedBy\”: \”string\”,\n \”issuedTo\”: \”string\”,\n \”keySize\”: \”string\”,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n },\n \”nonAutomaticCRLUpdatePeriod\”: \”string\”,\n \”nonAutomaticCRLUpdateUnits\”: \”string\”,\n \”rejectIfNoStatusFromOCSP\”: \”string\”,\n \”rejectIfUnreachableFromOCSP\”: \”string\”,\n \”selectedOCSPService\”: \”string\”,\n \”serialNumberDecimalFormat\”: \”string\”,\n \”sha256Fingerprint\”: \”string\”,\n \”signatureAlgorithm\”: \”string\”,\n \”status\”: \”string\”,\n \”subject\”: \”string\”,\n \”trustedFor\”: \”string\”,\n \”validFrom\”: \”string\”\n}\n” |
|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: “{\n \”response\”: {\n \”id\”: \”string\”,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n },\n \”message\”: \”string\”\n },\n \”version\”: \”string\”\n}\n” |
Authors
Rafael Campos (@racampos)