cisco.ise.system_certificate_import – Resource module for System Certificate Import

Note

This plugin is part of the cisco.ise collection (version 1.1.0).

To install it use: ansible-galaxy collection install cisco.ise.

To use it in a playbook, specify: cisco.ise.system_certificate_import.

New in version 1.0.0: of cisco.ise

Synopsis

• Manage operation create of the resource System Certificate Import.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

• ciscoisesdk >= 1.0.0

• python >= 3.5

Parameters

Parameter	Choices/Defaults	Comments
admin boolean	Choices: no yes	Use certificate to authenticate the ISE Admin Portal.
allowExtendedValidity boolean	Choices: no yes	Allow import of certificates with validity greater than 398 days.
allowOutOfDateCert boolean	Choices: no yes	Allow out of date certificates (required).
allowReplacementOfCertificates boolean	Choices: no yes	Allow Replacement of certificates (required).
allowReplacementOfPortalGroupTag boolean	Choices: no yes	Allow Replacement of Portal Group Tag (required).
allowSHA1Certificates boolean	Choices: no yes	Allow SHA1 based certificates (required).
allowWildCardCertificates boolean	Choices: no yes	Allow Wildcard Certificates.
data string		Certificate Content (required).
eap boolean	Choices: no yes	Use certificate for EAP protocols that use SSL/TLS tunneling.
ims boolean	Choices: no yes	Use certificate for the ISE Messaging Service.
ise_debug boolean	Choices: no ← yes	Flag for Identity Services Engine SDK to enable debugging.
ise_hostname string / required		The Identity Services Engine hostname.
ise_password string / required		The Identity Services Engine password to authenticate.
ise_username string / required		The Identity Services Engine username to authenticate.
ise_verify boolean	Choices: no yes ←	Flag to enable or disable SSL certificate verification.
ise_version string	Default: "3.0.0"	Informs the SDK which version of Identity Services Engine to use.
ise_wait_on_rate_limit boolean	Choices: no yes ←	Flag for Identity Services Engine SDK to enable automatic rate-limit handling.
name string		Name of the certificate.
password string		Certificate Password (required).
portal boolean	Choices: no yes	Use for portal.
portalGroupTag string		Set Group tag.
privateKeyData string		Private Key data (required).
pxgrid boolean	Choices: no yes	Use certificate for the pxGrid Controller.
radius boolean	Choices: no yes	Use certificate for the RADSec server.
saml boolean	Choices: no yes	Use certificate for SAML Signing.
validateCertificateExtensions boolean	Choices: no yes	Validate Certificate Extensions.

Notes

Note

• Does not support check_mode

See Also

See also

System Certificate Import reference

Complete reference of the System Certificate Import object model.

Examples

- name: Create
  cisco.ise.system_certificate_import:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    admin: true
    allowExtendedValidity: true
    allowOutOfDateCert: true
    allowReplacementOfCertificates: true
    allowReplacementOfPortalGroupTag: true
    allowSHA1Certificates: true
    allowWildCardCertificates: true
    data: string
    eap: true
    ims: true
    name: string
    password: string
    portal: true
    portalGroupTag: string
    privateKeyData: string
    pxgrid: true
    radius: true
    saml: true
    validateCertificateExtensions: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
ise_response dictionary	always	A dictionary or list with the response returned by the Cisco ISE Python SDK Sample: { "response": { "id": "string", "message": "string", "status": "string" }, "version": "string" }

Authors

• Rafael Campos (@racampos)