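---
# Certificate management for Cisco ISE nodes: generate a CSR, wait for the CA
# to sign it, then bind the signed certificate to the node.
#
# Connection settings (ise_hostname, ise_username, ise_password, ise_verify)
# are taken from variables. Keep ise_password in Ansible Vault or another
# secret store rather than in plain-text vars, and leave ise_verify enabled so
# the ISE API endpoint's TLS certificate is checked.
- name: Certificate management
  hosts: ise_servers
  gather_facts: false
  tasks:
    # Disabled example: import a root CA certificate into the trust store.
    # NOTE(review): if re-enabled, revisit allowSHA1Certificates and
    # allowBasicConstraintCAFalse, and replace the developer-local path.
    # - name: Import certificate into ISE node
    #   cisco.ise.trusted_certificate_import:
    #     ise_hostname: "{{ ise_hostname }}"
    #     ise_username: "{{ ise_username }}"
    #     ise_password: "{{ ise_password }}"
    #     ise_verify: "{{ ise_verify }}"
    #     data: "{{ lookup('file', item) }}"
    #     description: Root CA public certificate
    #     name: RootCert
    #     allowBasicConstraintCAFalse: true
    #     allowOutOfDateCert: false
    #     allowSHA1Certificates: true
    #     trustForCertificateBasedAdminAuth: true
    #     trustForCiscoServicesAuth: true
    #     trustForClientAuth: true
    #     trustForIseAuth: true
    #     validateCertificateExtensions: true
    #   with_fileglob:
    #     - "/Users/rcampos/Downloads/RootCACert.pem"

    - name: Generate CSR
      cisco.ise.csr_generate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        # NOTE(review): the subject below is a single host name; set this to
        # false unless a wildcard certificate is really intended.
        allowWildCardCert: true
        subjectCommonName: ise.securitydemo.net
        subjectOrgUnit: Sample OU
        subjectOrg: Sample Org
        subjectCity: San Francisco
        subjectState: CA
        subjectCountry: US
        # NOTE(review): 1024 is not an elliptic-curve size and, read as an RSA
        # modulus, is below the 2048-bit minimum most CAs accept. Confirm the
        # keyType/keyLength pair the target ISE release supports before using
        # this outside a lab.
        keyType: ECDSA
        keyLength: 1024
        digestType: SHA-256
        # Fixed: the original value was "MULTI-USEw" (stray trailing "w").
        usedFor: MULTI-USE
      register: result

    # The CSR id is needed later to bind the signed certificate. Skipped in
    # check mode, where no CSR is created and the response is not populated.
    - name: Set ID value to variable
      ansible.builtin.set_fact:
        csr_id: "{{ result['ise_response']['response'][0]['id'] }}"
      when: not ansible_check_mode

    # With no arguments, pause waits for the operator to press Enter, so the
    # play cannot run unattended past this point.
    - name: Pause until the CSR has been signed by the CA
      ansible.builtin.pause:

    - name: Bind Signed Certificate
      cisco.ise.bind_signed_certificate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        # NOTE(review): the certificate is bound to every role listed here
        # (admin, eap, radius, pxgrid, ims, portal); changing the admin
        # certificate is presumably disruptive. Confirm and schedule it.
        admin: true
        # NOTE(review): the allow* flags below relax validity and replacement
        # checks. They suit a demo; for production set allowOutOfDateCert and
        # allowExtendedValidity to false unless there is a documented need.
        allowExtendedValidity: true
        allowOutOfDateCert: true
        allowReplacementOfCertificates: true
        allowReplacementOfPortalGroupTag: true
        data: "{{ lookup('file', item) }}"
        hostName: ise.securitydemo.net
        name: My Signed Certificate
        validateCertificateExtensions: true
        id: "{{ csr_id }}"
        eap: true
        radius: true
        pxgrid: true
        ims: true
        portal: true
      # NOTE(review): developer-local absolute path, and the file name suggests
      # the root CA rather than the certificate the CA issued for this CSR.
      # Point this at the signed certificate file before running.
      with_fileglob:
        - /Users/rcampos/Downloads/RootCACert.pem
      when: not ansible_check_mode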