a10_pki_cmp_cert
Synopsis
CMP Certificate enrollment object
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| name str/required | | Specify Certificate name to be enrolled |
| url str | | CMP server’s absolute URL (http(s)://host:[port]/path); path is the location to use for the CMP server (aka CMP alias) |
| subject_dn str | | Distinguished Name to use while enrolling the certificate (for EJBCA CA, this is the subject DN of an End Entity) (DN OID is case sensitive) |
| recipient_dn str | | Distinguished Name of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity) (DN OID is case sensitive) |
| subject_alternate_name dict | | Field subject_alternate_name |
| san_type str | | ‘email’= Enter e-mail address of the subject; ‘dns’= Enter hostname of the subject; ‘ip’= Enter IP address of the subject; |
| san_value str | | Value of subject-alternate-name |
| enroll bool | | Initiates enrollment of device with the CA |
| log_level int | | Level for logging output of CMP commands (default 1 and detailed 2) |
| secret bool | | Specify the pre-shared secret used to enroll the device’s certificate |
| secret_string str | | Pre-shared secret |
| encrypted str | | Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) |
| renew_before bool | | Specify interval before certificate expiry to renew the certificate |
| renew_before_type str | | ‘hour’= Number of hours before cert expiry; ‘day’= Number of days before cert expiry; ‘week’= Number of weeks before cert expiry; ‘month’= Number of months before cert expiry (1 month=30 days); |
| renew_before_value int | | Value of renewal period |
| renew_every bool | | Specify periodic interval in which to renew the certificate |
| minute int | | Periodic interval in minutes |
| renew_every_type str | | ‘hour’= Periodic interval in hours; ‘day’= Periodic interval in days; ‘week’= Periodic interval in weeks; ‘month’= Periodic interval in months (1 month=30 days); |
| renew_every_value int | | Value of renewal period |
| cert_type bool | | Specify the type of certificate |
| rsa_type bool | | RSA certificate (default) |
| ecdsa_type bool | | ECDSA certificate |
| rsa_key_length str | | ‘1024’= Key size 1024 bits; ‘2048’= Key size 2048 bits (default); ‘4096’= Key size 4096 bits; ‘8192’= Key size 8192 bits; |
| ec_key_length str | | ‘256’= Key size 256 bits; ‘384’= Key size 384 bits (default); |
| max_polltime int | | Maximum time in seconds an enrollment or key update may take (default 120) |
| cmp_trusted_ca str | | The specific CA to trust while verifying signature of CMP response message |
| cmp_trusted_cert str | | The specific CMP server certificate to use and directly trust when verifying signature of CMP response message |
| allow_unprotected_errors bool | | Accept missing or invalid protection of negative responses (CAs like EJBCA tend to not protect negative responses) |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
Examples
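A playbook task built from the parameters above, as an added example that is not taken from the module's own documentation. The host names, DNs, trusted-CA name and `vault_*` variables are constructed placeholders, and nesting `san_type`/`san_value` under `subject_alternate_name` is assumed from that parameter's `dict` type.

```yaml
# Added example; every value below is a constructed placeholder.
- name: Enroll a device certificate over CMP
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Request a certificate from the CMP server
      a10_pki_cmp_cert:
        state: present
        ansible_host: "{{ acos_host }}"
        # Credentials come from Ansible Vault variables (assumed names),
        # never from literals in the playbook.
        ansible_username: "{{ vault_axapi_username }}"
        ansible_password: "{{ vault_axapi_password }}"
        ansible_port: 443
        name: vip-example-cert
        # https keeps the CMP exchange and the shared-secret-protected
        # request off cleartext transport.
        url: "https://ca.example.internal:8443/cmp/acos-alias"
        # DN OIDs are case sensitive (see subject_dn / recipient_dn).
        subject_dn: "CN=vip.example.internal,O=Example"
        recipient_dn: "CN=Example Issuing CA,O=Example"
        subject_alternate_name:
          san_type: dns
          san_value: vip.example.internal
        enroll: true
        secret: true
        secret_string: "{{ vault_cmp_enroll_secret }}"
        cert_type: true
        rsa_type: true
        # '1024' is an accepted choice but is too short for new keys.
        rsa_key_length: "2048"
        # Pin the CA used to verify the signature on CMP responses.
        cmp_trusted_ca: example-issuing-ca
        # Keep false unless the CA is known to send unprotected errors;
        # true accepts negative responses with missing or invalid protection.
        allow_unprotected_errors: false
        renew_before: true
        renew_before_type: day
        renew_before_value: 30
        max_polltime: 120
        log_level: 1
      # Keeps the password and pre-shared secret out of task output and logs.
      no_log: true
```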
Return Values
- modified_values (changed, dict)
  Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list)
  Sequential list of AXAPI calls made by the task
  - endpoint (str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
    The AXAPI endpoint being accessed.
  - http_method (str, [‘POST’, ‘GET’])
    HTTP method being used by the primary task to interact with the AXAPI endpoint.
  - request_body (complex)
    Params used to query the AXAPI
  - response_body (complex)
    Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.