How to automate renewal/installation of CA signed certificate?
2022-03-17
01:07 PM
Hello, I am trying to use the ansible module https://docs.ansible.com/ansible/2.10/collections/netapp/ontap/na_ontap_security_certificates_module.html
We’re updating an expiring signed certificate, which requires the deletion of an existing certificate, which stops the SSL service. If the service stops every time a certificate is deleted, how am I supposed to install the new one? The SSL service is down after deleting.
I have also tried using the netapp command line module which allows me to run the proper command "cert install (parameters)" but I cannot use this workaround because I cannot figure out how to get ansible to wait for the user inputs (I am prompted for my certificate and private key).
I have also made a post here: https://github.com/ansible-collections/netapp.ontap/issues/53 which shows my ansible playbook.
1 REPLY 1
The folks in that GitHub issue or in the #configurationmgmt channel of Slack will know best about the Ansible specifics. However, as far as a general workflow goes, I would expect it to be something like this:
1. Install the new certificate
2. Modify the web service to use the new certificate
3. Remove the old certificate
You may end up with a disconnection before you get a response to step 2, I'm not sure. You'd want to handle the error and retry in that case.
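The install, switch, remove ordering from the reply above, with the lost-response case at step 2 handled, as an added sketch that is not code from the thread or from the NetApp collection. `FakeCluster` and its methods are a hypothetical, constructed stand-in for whatever API or module performs each step; the serial values are placeholders.

```python
import time

class FakeCluster:
    """Constructed stand-in for the storage API (hypothetical interface)."""
    def __init__(self):
        self.certs = {"OLD-SERIAL"}
        self.active = "OLD-SERIAL"
        self._drop_next = True  # simulate one lost response on the switch

    def install(self, serial):
        self.certs.add(serial)

    def set_active(self, serial):
        if serial not in self.certs:
            raise ValueError("certificate not installed")
        self.active = serial  # the change is applied...
        if self._drop_next:
            self._drop_next = False
            raise ConnectionError("session reset")  # ...but the reply is lost

    def get_active(self):
        return self.active

    def delete(self, serial):
        if serial == self.active:
            raise RuntimeError("refusing to delete the certificate in use")
        self.certs.discard(serial)


def rotate(api, old, new, retries=3, delay=0.0):
    """Install new, switch the service to it, verify, then remove old."""
    api.install(new)
    for _ in range(retries):
        try:
            if api.get_active() != new:  # idempotent: skip if already switched
                api.set_active(new)
            break
        except ConnectionError:
            time.sleep(delay)  # service restarting; re-check state on next pass
    if api.get_active() != new:
        raise RuntimeError("service still uses the old certificate; old one kept")
    api.delete(old)  # only reached once the new certificate is confirmed active
    return api.get_active()
```

The old certificate is removed only after the active certificate has been read back, so a failed switch leaves the working certificate in place.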
