cisco.ise.trusted_certificate module – Resource module for Trusted Certificate
Note
This module is part of the cisco.ise collection (version 2.9.6).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.ise.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.ise.trusted_certificate.
New in cisco.ise 1.0.0
Synopsis
Manage operations update and delete of the resource Trusted Certificate.
This API deletes a Trust Certificate from Trusted Certificate Store based on a given ID.
Update a trusted certificate present in Cisco ISE trust store.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ciscoisesdk >= 2.2.3
python >= 3.5
Parameters
Parameter |
Comments |
|---|---|
Switch to enable or disable CRL verification if CRL is not received. Choices:
|
|
Switch to enable or disable automatic CRL update. Choices:
|
|
Automatic CRL update period. |
|
Unit of time for automatic CRL update. |
|
CRL Distribution URL. |
|
If CRL download fails, wait time before retry. |
|
Unit of time before retry if CRL download fails. |
|
Description for trust certificate. |
|
Switch to enable or disable download of CRL. Choices:
|
|
Switch to enable or disable OCSP Validation. Choices:
|
|
Switch to enable or disable verification if HTTPS or LDAP server certificate name fits the configured server URL. Choices:
|
|
Id path parameter. ID of the trust certificate. |
|
Switch to enable or disable ignore CRL expiration. Choices:
|
|
Flag for Identity Services Engine SDK to enable debugging. Choices:
|
|
The Identity Services Engine hostname. |
|
The Identity Services Engine password to authenticate. |
|
Timeout (in seconds) for RESTful HTTP requests. Default: |
|
The Identity Services Engine username to authenticate. |
|
Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices:
|
|
Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices:
|
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Informs the SDK which version of Identity Services Engine to use. Default: |
|
Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices:
|
|
Friendly name of the certificate. |
|
Non automatic CRL update period. |
|
Unit of time of non automatic CRL update. |
|
Switch to reject certificate if there is no status from OCSP. Choices:
|
|
Switch to reject certificate if unreachable from OCSP. Choices:
|
|
Name of selected OCSP Service. |
|
Trusted Certificate’s status. |
|
Trust for Certificate based Admin authentication. Choices:
|
|
Trust for authentication of Cisco Services. Choices:
|
|
Trust for client authentication and Syslog. Choices:
|
|
Trust for authentication within Cisco ISE. Choices:
|
Notes
Note
SDK Method used are certificates.Certificates.delete_trusted_certificate_by_id, certificates.Certificates.update_trusted_certificate,
Paths used are delete /api/v1/certs/trusted-certificate/{id}, put /api/v1/certs/trusted-certificate/{id},
Does not support
check_modeThe plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK
The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection
See Also
See also
- Cisco ISE documentation for Certificates
Complete reference of the Certificates API.
Examples
- name: Update by id
cisco.ise.trusted_certificate:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
authenticateBeforeCRLReceived: true
automaticCRLUpdate: true
automaticCRLUpdatePeriod: 0
automaticCRLUpdateUnits: string
crlDistributionUrl: string
crlDownloadFailureRetries: 0
crlDownloadFailureRetriesUnits: string
description: string
downloadCRL: true
enableOCSPValidation: true
enableServerIdentityCheck: true
id: string
ignoreCRLExpiration: true
name: string
nonAutomaticCRLUpdatePeriod: 0
nonAutomaticCRLUpdateUnits: string
rejectIfNoStatusFromOCSP: true
rejectIfUnreachableFromOCSP: true
selectedOCSPService: string
status: string
trustForCertificateBasedAdminAuth: true
trustForCiscoServicesAuth: true
trustForClientAuth: true
trustForIseAuth: true
- name: Delete by id
cisco.ise.trusted_certificate:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: |
|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: |