You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

panos_cert_gen_ssh - generates a self-signed certificate using SSH protocol with SSH key¶

New in version 2.3.

Synopsis
Requirements (on host that executes module)
Options
Examples
Notes
- Status

Synopsis ¶

This module generates a self-signed certificate that can be used by GlobalProtect client, SSL connector, or
otherwise. Root certificate must be preset on the system first. This module depends on paramiko for ssh.

Requirements (on host that executes module)¶

paramiko

Options ¶

parameter	required	default	choices	comments
cert_cn	yes			Certificate CN (common name) embedded in the certificate signature.
cert_friendly_name	yes			Human friendly certificate name (not CN but just a friendly name).
ip_address	yes			IP address (or hostname) of PAN-OS device being configured.
key_filename	yes			Location of the filename that is used for the auth. Either key_filename or password is required.
password	yes			Password credentials to use for auth. Either key_filename or password is required.
rsa_nbits	no	2048		Number of bits used by the RSA algorithm for the certificate generation.
signed_by	yes			Undersigning authority (CA) that MUST already be presents on the device.

Examples ¶

# Generates a new self-signed certificate using ssh
- name: generate self signed certificate
  panos_cert_gen_ssh:
    ip_address: "192.168.1.1"
    password: "paloalto"
    cert_cn: "1.1.1.1"
    cert_friendly_name: "test123"
    signed_by: "root-ca"

Notes ¶

Note

Checkmode is not supported.

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.