dellemc.openmanage.ome_application_certificate module – This module allows to generate a CSR and upload the certificate

Note

This module is part of the dellemc.openmanage collection (version 9.9.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.openmanage. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: dellemc.openmanage.ome_application_certificate.

New in dellemc.openmanage 2.1.0

Synopsis

  • This module allows the generation of a new certificate signing request (CSR) and the upload of the certificate to OpenManage Enterprise.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.9.6

Parameters

Parameter

Comments

business_name

string

Name of the business that issued the certificate. This option is applicable for generate_csr.

ca_path

path

added in dellemc.openmanage 5.0.0

The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation.

command

string

generate_csr allows the generation of a CSR.

upload uploads the certificate on OpenManage Enterprise.

upload_cert_chain uploads the certificate chain on OpenManage Enterprise.

Choices:

  • "generate_csr" ← (default)

  • "upload"

  • "upload_cert_chain"

country

string

Country in which the issuer resides. This option is applicable for generate_csr.

country_state

string

State in which the issuer resides. This option is applicable for generate_csr.

department_name

string

Name of the department that issued the certificate. This option is applicable for generate_csr.

distinguished_name

string

Name of the certificate issuer. This option is applicable for generate_csr.

email

string

Email associated with the issuer. This option is applicable for generate_csr.

hostname

string / required

OpenManage Enterprise or OpenManage Enterprise Modular IP address or hostname.

locality

string

Local address of the issuer of the certificate. This option is applicable for generate_csr.

password

string

OpenManage Enterprise or OpenManage Enterprise Modular password.

If the password is not provided, then the environment variable OME_PASSWORD is used.

Example: export OME_PASSWORD=password

port

integer

OpenManage Enterprise or OpenManage Enterprise Modular HTTPS port.

Default: 443

subject_alternative_names

string

added in dellemc.openmanage 8.1.0

Subject alternative name required for the certificate signing request generation.

Supports up to 4 comma-separated values, in the order primary, secondary, tertiary, and quaternary.

timeout

integer

added in dellemc.openmanage 5.0.0

The socket level timeout in seconds.

Default: 30

upload_file

string

Local path of the certificate file to be uploaded. This option is applicable for upload and upload_cert_chain. Once the certificate is uploaded, OpenManage Enterprise cannot be accessed for a few seconds. The formats of the certificate file are .crt, .cer, .ca-bundle, .p7b, .der, and .pem.

username

string

OpenManage Enterprise or OpenManage Enterprise Modular username.

If the username is not provided, then the environment variable OME_USERNAME is used.

Example: export OME_USERNAME=username

validate_certs

boolean

added in dellemc.openmanage 5.0.0

If false, the SSL certificates will not be validated.

Configure false only on personally controlled sites where self-signed certificates are used.

Prior to collection version 5.0.0, validate_certs was false by default.

Choices:

  • false

  • true ← (default)

x_auth_token

string

added in dellemc.openmanage 9.3.0

Authentication token.

If the x_auth_token is not provided, then the environment variable OME_X_AUTH_TOKEN is used.

Example: export OME_X_AUTH_TOKEN=x_auth_token

Notes

  • If a certificate is uploaded, which is identical to an already existing certificate, it is accepted by the module.

  • This module does not support check_mode.

Examples

---
- name: Generate a certificate signing request
  dellemc.openmanage.ome_application_certificate:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    command: "generate_csr"
    distinguished_name: "hostname.com"
    department_name: "Remote Access Group"
    business_name: "Dell Inc."
    locality: "Round Rock"
    country_state: "Texas"
    country: "US"
    email: "[email protected]"

- name: Generate a certificate signing request with subject alternative names
  dellemc.openmanage.ome_application_certificate:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    command: "generate_csr"
    distinguished_name: "hostname.com"
    subject_alternative_names: "hostname1.chassis.com,hostname2.chassis.com"
    department_name: "Remote Access Group"
    business_name: "Dell Inc."
    locality: "Round Rock"
    country_state: "Texas"
    country: "US"
    email: "[email protected]"

- name: Upload the certificate
  dellemc.openmanage.ome_application_certificate:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    command: "upload"
    upload_file: "/path/certificate.cer"

- name: Upload the certificate chain
  dellemc.openmanage.ome_application_certificate:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    command: "upload_cert_chain"
    upload_file: "/path/certificate_chain.p7b"

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

csr_status

dictionary

Details of the generated certificate.

Returned: on success

Sample: {"CertificateData": "-----BEGIN CERTIFICATE REQUEST-----GHFSUEKLELE af3u4h2rkdkfjasczjfefhkrr/frjrfrjfrxnvzklf/nbcvxmzvndlskmcvbmzkdk kafhaksksvklhfdjtrhhffgeth/tashdrfstkm@kdjFGD/sdlefrujjfvvsfeikdf yeufghdkatbavfdomehtdnske/tahndfavdtdfgeikjlagmdfbandfvfcrfgdtwxc qwgfrteyupojmnsbajdkdbfs/ujdfgthedsygtamnsuhakmanfuarweyuiwruefjr etwuwurefefgfgurkjkdmbvfmvfvfk==-----END CERTIFICATE REQUEST-----"}

error_info

dictionary

Details of the HTTP error.

Returned: on HTTP error

Sample: {"error": {"@Message.ExtendedInfo": [{"Message": "Unable to upload the certificate because the certificate file provided is invalid.", "MessageArgs": [], "MessageId": "CSEC9002", "RelatedProperties": [], "Resolution": "Make sure the CA certificate and private key are correct and retry the operation.", "Severity": "Critical"}], "code": "Base.1.0.GeneralError", "message": "A general error has occurred. See ExtendedInfo for more information."}}

msg

string

Overall status of the certificate signing request.

Returned: always

Sample: "Successfully generated certificate signing request."
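
An added end-to-end playbook, not part of the collection's documentation, that ties the parameters and return values above together: it generates the CSR over a validated TLS connection, writes csr_status.CertificateData to disk for the signing CA, uploads the signed certificate, and waits out the short outage that follows an upload. The host name, file paths, subject values and tag names are placeholders, and username and password are omitted so that the documented OME_USERNAME and OME_PASSWORD environment variables are used instead of credentials stored in the playbook.

```yaml
---
# Added example. Host name, paths and subject values are placeholders;
# credentials come from OME_USERNAME / OME_PASSWORD in the environment.
- name: Request and install an OpenManage Enterprise certificate
  hosts: localhost
  gather_facts: false
  vars:
    ome_host: "ome.example.internal"     # placeholder
    ome_ca: "/etc/pki/ome/ca_cert.pem"   # placeholder CA bundle used for validation
    csr_out: "/etc/pki/ome/ome.csr"      # placeholder
    signed_cert: "/etc/pki/ome/ome.cer"  # placeholder, returned by the signing CA
  tasks:
    - name: Generate the CSR over a validated TLS connection
      dellemc.openmanage.ome_application_certificate:
        hostname: "{{ ome_host }}"
        ca_path: "{{ ome_ca }}"
        validate_certs: true
        command: "generate_csr"
        distinguished_name: "{{ ome_host }}"
        subject_alternative_names: "{{ ome_host }}"
        department_name: "Infrastructure"
        business_name: "Example Corp"
        country: "US"
      register: csr_result
      tags: csr

    - name: Write the returned CSR to disk for the signing CA
      ansible.builtin.copy:
        content: "{{ csr_result.csr_status.CertificateData }}\n"
        dest: "{{ csr_out }}"
        mode: "0644"
      tags: csr

    - name: Upload the signed certificate
      dellemc.openmanage.ome_application_certificate:
        hostname: "{{ ome_host }}"
        ca_path: "{{ ome_ca }}"
        validate_certs: true
        command: "upload"
        upload_file: "{{ signed_cert }}"
      tags: upload

    - name: Wait for the web service to return after the upload
      ansible.builtin.wait_for:
        host: "{{ ome_host }}"
        port: 443
        delay: 10
        timeout: 120
      tags: upload
```

Run it with --tags csr first, have the CA sign the saved request, then run it again with --tags upload.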

Authors

  • Felix Stephen (@felixs88)

  • Kritika Bhateja (@Kritika-Bhateja-03)

  • Jennifer John (@Jennifer-John)

  • Abhishek Sinha (@ABHISHEK-SINHA10)

  • Saksham Nautiyal (@Saksham-Nautiyal)