Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_vpn_certificate_setting.
New in version 2.9: of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | ||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |
| password string | Default: "" | FortiOS or FortiGate password. | |
| ssl_verify boolean |
| Ensures FortiGate certificate must be verified by a proper CA. | |
| username string | FortiOS or FortiGate username. | ||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |
| vpn_certificate_setting dictionary | VPN certificate setting. | ||
| certname_dsa1024 string | 1024 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
| certname_dsa2048 string | 2048 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
| certname_ecdsa256 string | 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
| certname_ecdsa384 string | 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
| certname_rsa1024 string | 1024 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
| certname_rsa2048 string | 2048 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
| check_ca_cert string |
| Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . | |
| check_ca_chain string |
| Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted . | |
| cmp_save_extra_certs string |
| Enable/disable saving extra certificates in CMP mode. | |
| cn_match string |
| When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name. | |
| ocsp_default_server string | Default OCSP server. Source vpn.certificate.ocsp-server.name. | ||
| ocsp_status string |
| Enable/disable receiving certificates using the OCSP. | |
| ssl_ocsp_option string |
| Specify whether the OCSP URL is from the certificate or the default OCSP server. | |
| ssl_ocsp_status string |
| Enable/disable SSL OCSP. | |
| strict_crl_check string |
| Enable/disable strict mode CRL checking. | |
| strict_ocsp_check string |
| Enable/disable strict mode OCSP checking. | |
| subject_match string |
| When searching for a matching certificate, control how to find matches in the certificate subject name. | |
Note
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: VPN certificate setting.
fortios_vpn_certificate_setting:
vdom: "{{ vdom }}"
vpn_certificate_setting:
certname_dsa1024: "<your_own_value> (source vpn.certificate.local.name)"
certname_dsa2048: "<your_own_value> (source vpn.certificate.local.name)"
certname_ecdsa256: "<your_own_value> (source vpn.certificate.local.name)"
certname_ecdsa384: "<your_own_value> (source vpn.certificate.local.name)"
certname_rsa1024: "<your_own_value> (source vpn.certificate.local.name)"
certname_rsa2048: "<your_own_value> (source vpn.certificate.local.name)"
check_ca_cert: "enable"
check_ca_chain: "enable"
cmp_save_extra_certs: "enable"
cn_match: "substring"
ocsp_default_server: "<your_own_value> (source vpn.certificate.ocsp-server.name)"
ocsp_status: "enable"
ssl_ocsp_option: "certificate"
ssl_ocsp_status: "enable"
strict_crl_check: "enable"
strict_ocsp_check: "enable"
subject_match: "substring"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_vpn_certificate_setting_module.html