ONTAP Rest API Discussions

How to automate renewal/installation of CA signed certificate?

rcordova

Hello, I am trying to use the Ansible module https://docs.ansible.com/ansible/2.10/collections/netapp/ontap/na_ontap_security_certificates_module.html

We’re updating an expiring signed certificate, which requires the deletion of an existing certificate, which stops the SSL service. If the service stops every time a certificate is deleted, how am I supposed to install the new one? The SSL service is down after deleting.

I have also tried using the netapp command line module which allows me to run the proper command "cert install (parameters)" but I cannot use this workaround because I cannot figure out how to get Ansible to wait for the user inputs (I am prompted for my certificate and private key).

I have also made a post here: https://github.com/ansible-collections/netapp.ontap/issues/53 which shows my Ansible playbook.


RobertBlackhart

The folks in that GitHub issue or in the #configurationmgmt channel of Slack will know best about the Ansible specifics. However, as far as a general workflow goes, I would expect it to be something like this:

  1. Install the new certificate
  2. Modify the web service to use the new certificate
  3. Remove the old certificate

You may end up with a disconnection before you get a response to step 2, I'm not sure. You'd want to handle the error and retry in that case.
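The three-step order from the reply above, with the disconnect on step 2 handled by re-checking which certificate is active before retrying or deleting anything. This is an added example, not code from the thread or from the NetApp collection; `FakeCluster` and its method names are hypothetical stand-ins for whatever client is used, not ONTAP API calls, and the certificate names are constructed.

```python
import time

class FakeCluster:
    """Constructed in-memory stand-in for a cluster (hypothetical, not an ONTAP client)."""
    def __init__(self, active):
        self.certs, self.active, self.dropped = {active}, active, False

    def install(self, name):
        self.certs.add(name)

    def set_web_cert(self, name):
        if name not in self.certs:
            raise ValueError("unknown certificate")
        self.active = name
        if not self.dropped:
            # The change is applied, but the response is lost once.
            self.dropped = True
            raise ConnectionError("web service restarted")

    def get_web_cert(self):
        return self.active

    def delete(self, name):
        if name == self.active:
            raise RuntimeError("refusing to delete the certificate in use")
        self.certs.discard(name)


def rotate(cluster, old, new, attempts=5, delay=0.0):
    """Install new, switch the web service to it, then remove old."""
    cluster.install(new)                      # step 1: old cert still serving
    for _ in range(attempts):                 # step 2: tolerate a dropped reply
        try:
            cluster.set_web_cert(new)
        except ConnectionError:
            time.sleep(delay)                 # service may be restarting
        try:
            if cluster.get_web_cert() == new: # verify instead of trusting the reply
                break
        except ConnectionError:
            time.sleep(delay)
    else:
        raise RuntimeError("new certificate never became active; old one kept")
    cluster.delete(old)                       # step 3: only after verification
    return cluster.get_web_cert()
```

If the switch never succeeds, the function raises before step 3, so the old certificate stays installed and serving.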
