Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_vpn_certificate_setting
.
New in version 2.9: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
host string | FortiOS or FortiGate IP address. | ||
https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |
password string | Default: "" | FortiOS or FortiGate password. | |
ssl_verify boolean |
| Ensures FortiGate certificate must be verified by a proper CA. | |
username string | FortiOS or FortiGate username. | ||
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |
vpn_certificate_setting dictionary | VPN certificate setting. | ||
certname_dsa1024 string | 1024 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
certname_dsa2048 string | 2048 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
certname_ecdsa256 string | 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
certname_ecdsa384 string | 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
certname_rsa1024 string | 1024 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
certname_rsa2048 string | 2048 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. | ||
check_ca_cert string |
| Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . | |
check_ca_chain string |
| Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted . | |
cmp_save_extra_certs string |
| Enable/disable saving extra certificates in CMP mode. | |
cn_match string |
| When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name. | |
ocsp_default_server string | Default OCSP server. Source vpn.certificate.ocsp-server.name. | ||
ocsp_status string |
| Enable/disable receiving certificates using the OCSP. | |
ssl_ocsp_option string |
| Specify whether the OCSP URL is from the certificate or the default OCSP server. | |
ssl_ocsp_status string |
| Enable/disable SSL OCSP. | |
strict_crl_check string |
| Enable/disable strict mode CRL checking. | |
strict_ocsp_check string |
| Enable/disable strict mode OCSP checking. | |
subject_match string |
| When searching for a matching certificate, control how to find matches in the certificate subject name. |
Note
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: VPN certificate setting. fortios_vpn_certificate_setting: vdom: "{{ vdom }}" vpn_certificate_setting: certname_dsa1024: "<your_own_value> (source vpn.certificate.local.name)" certname_dsa2048: "<your_own_value> (source vpn.certificate.local.name)" certname_ecdsa256: "<your_own_value> (source vpn.certificate.local.name)" certname_ecdsa384: "<your_own_value> (source vpn.certificate.local.name)" certname_rsa1024: "<your_own_value> (source vpn.certificate.local.name)" certname_rsa2048: "<your_own_value> (source vpn.certificate.local.name)" check_ca_cert: "enable" check_ca_chain: "enable" cmp_save_extra_certs: "enable" cn_match: "substring" ocsp_default_server: "<your_own_value> (source vpn.certificate.ocsp-server.name)" ocsp_status: "enable" ssl_ocsp_option: "certificate" ssl_ocsp_status: "enable" strict_crl_check: "enable" strict_ocsp_check: "enable" subject_match: "substring"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_vpn_certificate_setting_module.html