fadcos_system_certificate_local – Generate Certificate Signing Request in Fortinet’s FortiADC

New in version 1.1.0.

Synopsis

  • Generate a certificate signing request (CSR) for a Local Certificate on the Manage Certificates page.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.8

FortiADC Version Compatibility


Module                            v7.1.4   v7.2.2   v7.4.0
fadcos_system_certificate_local   yes      yes      yes

Parameters

  • action - Type of action to perform on the object. type: str required: true
  • name - Config certificate name. type: str required: false
  • id_type - Specify the ID type. type: str required: false
  • ip - Specify the IP if the id type is ip. type: int required: false default: 192.0.2.1
  • domain - Specify the Domain Name if the id type is domain. type: str required: false default: www.example.com
  • email - Specify the Email if the id type is email. type: str required: false default: admin@example.com
  • orgUnit - Specify the Organization Unit. type: list required: false
  • org - Specify the Organization. type: str required: false
  • city - Specify the City/Locality. type: str required: false
  • state - Specify the State/Province. type: str required: false
  • country - Specify the Country/Region. type: str required: false default: AF
  • orgEmail - Specify the Email Address. type: str required: false
  • san - Specify the Subject Alternative Name. type: str required: false
  • enc_meth - Specify the Private Key Encryption. type: str required: false default: aes128
  • k_pwd - Specify the Private Key Password. type: str required: false
  • keyType - Specify the Key Type in Key Information. (1:RSA, 2:ECDSA) type: str required: false default: 1
  • keySize - Specify the Key Size if keyType is 1 (RSA). type: str required: false default: 512
  • hash - Specify the Hash Function if keyType is 1 (RSA). type: str required: false default: SHA1
  • keySizeECDSA - Specify the Key Size if keyType is 2 (ECDSA). type: str required: false default: 256
  • enrollMethod - Specify the Enrollment Method in Enrollment Information. (file/scep) type: str required: false default: file
  • scep_url - Specify URL if Enrollment Method is scep. type: str required: true (if Enrollment Method is scep)
  • c_pwd - Specify the Challenge Password if Enrollment Method is scep. type: str required: true (if Enrollment Method is scep)
  • ca_id - Specify the CA Identifier if Enrollment Method is scep. type: str required: true (if Enrollment Method is scep)
  • vdom - VDOM name if enabled. type: str required: true (if VDOM is enabled)
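
With the defaults listed above, a task that omits keySize and hash requests a 512-bit RSA key with SHA1 as the hash function. As an added example (not part of the module or of Fortinet's documentation), this Python check overlays a task's arguments on those documented defaults and reports weak or incomplete settings. The 2048-bit floor, the k_pwd templating rule, the sample tasks and the variable name vault_csr_key_pwd are assumptions.

```python
# Added example: audit task arguments against this page's documented defaults.
DEFAULTS = {"keyType": "1", "keySize": "512", "hash": "SHA1",
            "keySizeECDSA": "256", "enrollMethod": "file", "enc_meth": "aes128"}
SCEP_REQUIRED = ("scep_url", "c_pwd", "ca_id")  # required when enrollMethod is scep
MIN_RSA_BITS = 2048  # assumption: local policy floor, not enforced by the module


def effective(args):
    """Overlay the task's arguments on the documented defaults."""
    merged = dict(DEFAULTS)
    merged.update({k: str(v) for k, v in args.items() if k in DEFAULTS})
    return merged


def audit_csr_task(args):
    """Return findings for one fadcos_system_certificate_local task (a dict)."""
    if args.get("action") != "add":
        return []  # get/remove generate no key material
    eff, findings = effective(args), []
    def origin(param):
        return "explicit" if param in args else "documented default"
    if eff["keyType"] == "1":  # keySize and hash apply to RSA only
        bits = int(eff["keySize"]) if eff["keySize"].isdigit() else 0
        if bits < MIN_RSA_BITS:
            findings.append(f"keySize {eff['keySize']} ({origin('keySize')}) < {MIN_RSA_BITS}")
        if eff["hash"].upper() == "SHA1":
            findings.append(f"hash SHA1 ({origin('hash')})")
    if eff["enrollMethod"] == "scep":
        missing = [p for p in SCEP_REQUIRED if not args.get(p)]
        if missing:
            findings.append("scep missing: " + ", ".join(missing))
    if args.get("k_pwd") and "{{" not in str(args["k_pwd"]):
        findings.append("k_pwd is a literal, not a templated (vaulted) variable")
    return findings


# Constructed sample tasks, modelled on the playbook in the Examples section.
SAMPLES = {
    "relies_on_defaults": {"action": "add", "name": "test", "id_type": "ip",
                           "k_pwd": "{{ vault_csr_key_pwd }}"},
    "explicit_rsa": {"action": "add", "name": "test", "keyType": "1", "keySize": "2048",
                     "hash": "SHA256", "k_pwd": "test"},
    "scep_incomplete": {"action": "add", "name": "test2", "keyType": "2",
                        "enrollMethod": "scep", "scep_url": "https://ca.example.com/scep"},
    "read_only": {"action": "get"},
}

if __name__ == "__main__":
    for label, task in SAMPLES.items():
        print(label, audit_csr_task(task))
```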

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    # RSA key (keyType '1'), certificate identified by IP address
    - name: create
      fadcos_system_certificate_local:
        action: add
        name: test
        id_type: ip
        ip: '192.0.2.1'
        orgUnit:
          - test1
          - test2
        org: 'MyCorp Inc.'
        city: Sunnyvale
        state: CA
        country: AF
        orgEmail: 'admin@example.com'
        san: 'IP:192.168.1.102'
        enc_meth: aes128
        k_pwd: test
        keyType: '1'
        keySize: '2048'
        hash: SHA256
        enrollMethod: file

    # ECDSA key (keyType '2'), certificate identified by domain name
    - name: create
      fadcos_system_certificate_local:
        action: add
        name: test2
        id_type: domain
        domain: www.example.com
        orgUnit:
          - test3
        org: MyCorp2 Inc.
        city: Sunnyvale
        country: AF
        state: CA
        orgEmail: admin@example.com
        san: 'DNS:www.a.b'
        enc_meth: aes192
        k_pwd: test
        keyType: '2'
        keySizeECDSA: '512'
        enrollMethod: file

    - name: get
      fadcos_system_certificate_local:
        action: get

    - name: delete
      fadcos_system_certificate_local:
        action: remove
        name: test

    - name: delete
      fadcos_system_certificate_local:
        action: remove
        name: test2

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • 200 - OK: Request returns successful.
  • 400 - Bad Request: Request cannot be processed by the API.
  • 401 - Not Authorized: Request without successful login session.
  • 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 - Resource Not Found: Unable to find the specified resource.
  • 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 - Request Entity Too Large: Request cannot be processed due to large entity.
  • 424 - Failed Dependency: The failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.
  • 429 - Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
  • 500 - Internal Server Error: Internal error when processing the request.

For error codes, see the FortiADC API error codes at: https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Wayne Chou
