Ansible authentication with windows by using GoDaddy or third party certificates
46 views
Skip to first unread message
karthik kumar
Jan 28, 2021, 2:26:04 PM1/28/21
to Ansible Project
Hi,
Need help on setting up authentication between ansible and windows by using GoDaddy certificates or any third party instead of Openssl or SelfSigned certificate.
I have tried many ways but its not working. i was able to import certificate to windows but when I was trying to map certificate with local user its not able to find thumbprint of imported certificate. so please someone help me to resolve this.
earlier i have tried with basic and openssl certificate auth and it was working.
any suggestions are well appreciated.
Thanks,
Karthik.
jbor...@gmail.com
Jan 28, 2021, 2:32:58 PM1/28/21
to Ansible Project
WinRM certificate auth require certain extensions and authentication methods to be enabled, you can't just use a server authentication certificate that you would use for a website for this. We even document how to create these certs using PowerShell or OpenSSL https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#certificate. Essentially you need a certificate that is enabled for clientAuth (1.3.6.1.5.5.7.3.2) and then a subjectAltName with a specific text value that specifies your user name.
karthik kumar
Feb 3, 2021, 9:36:30 AM2/3/21
to ansible...@googlegroups.com
Hi,
Thanks for the reply and information. i have one question, can we use openssl CA for this purpose? and do you have any steps on how to create Openssl CA certificate?
Thanks in advance.
Regards,
Karthik.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6170979a-f9a4-480a-93e9-2f889f10ec53n%40googlegroups.com.
Antony Stone
Feb 3, 2021, 11:21:05 AM2/3/21
to ansible...@googlegroups.com
On Wednesday 03 February 2021 at 15:36:04, karthik kumar wrote:
> Hi,
>
> Thanks for the reply and information. i have one question, can we use
> openssl CA for this purpose? and do you have any steps on how to create
> Openssl CA certificate?
This question has been answered many many times on various websites before:
> Hi,
>
> Thanks for the reply and information. i have one question, can we use
> openssl CA for this purpose? and do you have any steps on how to create
> Openssl CA certificate?
https://gist.github.com/Soarez/9688998
https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
https://stackoverflow.com/questions/10175812
https://www.openssl.org/docs/man1.0.2/man1/ca.html
Regards,
Antony.
--
3 logicians walk into a bar. The bartender asks "Do you all want a drink?"
The first logician says "I don't know."
The second logician says "I don't know."
The third logician says "Yes!"
Please reply to the list;
please *don't* CC me.
Reply all
Reply to author
Forward
0 new messages