Need a module to properly generate key and a complete csr
ISSUE TYPE
- Feature
COMPONENT NAME
bigip_ssl_csr
ANSIBLE VERSION
ansible 2.9.11
config file = /root/Michelin/ansible-ios-vlan-creation/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.7.6 (default, Jan 30 2020, 09:44:41) [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)]
PYTHON VERSION
Python 3.7.6
BIGIP VERSION
Sys::Version
Main Package
Product BIG-IP
Version 13.1.3.4
Build 0.0.5
Edition Point Release 4
Date Tue Jun 16 14:26:18 PDT 2020
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
bigip_ssl_csr does not reproduce all the features of the command create sys crypto key gen-csr, as it does not generate the corresponding key. Also, the module only allows specifying the CN (C, O, OU, etc. are missing).
EXPECTED RESULTS
The module docs mention that you must already have the key existing to call the module against. The REST API takes multiple steps to achieve this end state (key and CSR).
I would also recommend looking at community standard modules for generating CSRs and keys that are not bound to a specific BIG-IP. Being that the workflow is not specific to BIG-IP, it may make sense to generate them elsewhere and push to the target BIG-IPs.
https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_csr_module.html
https://docs.ansible.com/ansible/latest/collections/community/crypto/x509_certificate_module.html
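The off-box workflow suggested in the comment above, as an added example that is not part of the original thread or the project's own code: the key and a CSR with the full subject (C, ST, L, O, OU, CN) are generated on the control node with community.crypto, then the key is imported with bigip_ssl_key. The certificate name, staging directory, subject values and the `bigip_provider` variable are assumptions; because the key exists on the control node in this workflow, the file mode is restricted and the import task is kept out of the logs.

```yaml
# Added example. cert_name, work_dir, the subject values and bigip_provider
# (server/user/password, assumed to come from an Ansible Vault file) are
# assumptions for illustration, not values from the issue.
- name: Generate a key and a CSR with a full subject, then import the key
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    cert_name: app.example.com            # constructed sample name
    work_dir: /etc/pki/ansible-staging    # assumed path, owned by the automation user
  tasks:
    - name: Create the RSA private key, readable only by its owner
      community.crypto.openssl_privatekey:
        path: "{{ work_dir }}/{{ cert_name }}.key"
        type: RSA
        size: 2048
        mode: "0600"

    - name: Create the CSR with the subject fields bigip_ssl_csr does not expose
      community.crypto.openssl_csr:
        path: "{{ work_dir }}/{{ cert_name }}.csr"
        privatekey_path: "{{ work_dir }}/{{ cert_name }}.key"
        country_name: FR
        state_or_province_name: Example State
        locality_name: Example City
        organization_name: Example Org
        organizational_unit_name: Network
        common_name: "{{ cert_name }}"
        subject_alt_name: "DNS:{{ cert_name }}"
        digest: sha256

    - name: Import the private key into the BIG-IP
      f5networks.f5_modules.bigip_ssl_key:
        name: "{{ cert_name }}"
        content: "{{ lookup('file', work_dir + '/' + cert_name + '.key') }}"
        provider: "{{ bigip_provider }}"
      no_log: true                        # keep key material out of task output
```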
I was thinking that it is better to leave the private key on the F5 and not generate it on the Ansible server itself and then transfer it (as a security best practice).
Hi, we are closing this request now. Please re-open if required or send an email to [email protected]. Thanks!
Without a reference or solution, please do not close it.
Hi @f5killer, Please send an email to [email protected] with more information. Thanks!