NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Rest API Discussions

How to automate renewal/installation of CA signed certificate?

rcordova
3,367 Views

 Hello, I am trying to use the ansible module https://docs.ansible.com/ansible/2.10/collections/netapp/ontap/na_ontap_security_certificates_module.html

 

We’re updating an expiring signed certificate, which requires the deletion of an existing certificate, which stops the ssl service. If the service stops every time a certificate is deleted, how am I supposed to install the new one. The SSL service is down after deleting.

 

I have also tried using the netapp command line module which allows me to run the proper command "cert install (parameters)" but I cannot use this workaround because I cannot figure out how to get ansible to wait for the user inputs (I am prompted for my certificate and private key).

 

I have also made a post here: https://github.com/ansible-collections/netapp.ontap/issues/53 which shows my ansible playbook.

1 REPLY 1

RobertBlackhart
3,359 Views

The folks in that GitHub issue or in the #configurationmgmt channel of Slack will know best about the Anisible specifics. However, as far as a general workflow goes, I would expect it to be something like this:

 

  1. Install the new certificate
  2. Modify the web service to use the new certificate
  3. Remove the old certificate

You may end up with a disconnection before you get a response to step 2, I'm not sure. You'd want to handle the error and retry in that case.

Public