Signature based authentication


Tariq Iqbal

Jul 2, 2019, 4:37:59 PM
to Ansible Project
Hello All,

I am trying to follow this process outlined below for Ansible to authenticate to APIC controller using signature based authentication.

https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#signature-based-authentication-using-certificates

I need to determine where the openssl command is run.  Is it run on the APIC controller or the Ansible controller?

Generate certificate and private key

Signature-based authentication requires a (self-signed) X.509 certificate with private key, and a configuration step for your AAA user in ACI. To generate a working X.509 certificate and private key, use the following procedure:

$ openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout admin.key -out admin.crt -subj '/CN=Admin/O=Your Company/C=US'

Kai Stian Olstad

Jul 2, 2019, 4:48:23 PM
to ansible...@googlegroups.com
On 02.07.2019 22:37, Tariq Iqbal wrote:
> Hello All,
>
> I am trying to follow this process outlined below for Ansible to
> authenticate to APIC controller using signature based authentication.
>
> https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#signature-based-authentication-using-certificates
>
> I need to determine where the openssl command is run. Is it run on the
> APIC controller or the Ansible controller?

If you read the whole page you are linking to, you will find your answer:
https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#running-on-the-controller-locally


--
Kai Stian Olstad

Thomas Renzy

Jul 2, 2019, 5:47:00 PM
to ansible...@googlegroups.com
Hi Tariq,

You generate this key on your Ansible control system.

Thanks,
Thomas


--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/150a025e-2846-46a7-9541-a1de3f7358c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tariq Iqbal

Jul 3, 2019, 2:32:26 PM
to Ansible Project
Thanks Tom for all your help.



Thomas Renzy

Jul 3, 2019, 8:18:34 PM
to ansible...@googlegroups.com
Hey Tariq,

One issue to be aware of. When I generated my certificate and keys, it had the start time set for 8 hours ahead of time. I can only imagine it set this because of GMT time and I am US PST. You can check the start time for the cert with the following command:

openssl x509 -in (name of cert).crt -text

Hope this helps.

Thanks,
Thomas
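
Added example, not part of the thread and not Ansible or Cisco code: `openssl x509 -text` prints the validity window in GMT, so this check parses those lines and compares them with the clock in UTC instead of local wall time. The sample output, the UTC-8 offset and the function names are constructed for illustration; it also reports the key size that the `rsa:1024` command in the first post produces.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the relevant lines of `openssl x509 -in admin.crt -noout -text`
# for a certificate created at 10:00 local time on a host in UTC-8.
SAMPLE_TEXT = """\
        Validity
            Not Before: Jan 15 18:00:00 2019 GMT
            Not After : Dec 22 18:00:00 2118 GMT
        Subject: CN = Admin, O = Your Company, C = US
                Public-Key: (1024 bit)
"""

def _to_utc(stamp):
    """Parse an OpenSSL validity timestamp, which is always expressed in GMT."""
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def parse_validity(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = dict(re.findall(r"Not (Before|After)\s*:\s*(.+? GMT)", text))
    return _to_utc(fields["Before"]), _to_utc(fields["After"])

def check_cert(text, now_utc, local_tz):
    """Compare the validity window with the clock in UTC, not with local wall time."""
    not_before, not_after = parse_validity(text)
    bits = int(re.search(r"Public-Key: \((\d+) bit\)", text).group(1))
    return {
        "not_before_local": not_before.astimezone(local_tz).isoformat(),
        "valid_now": not_before <= now_utc <= not_after,
        "seconds_until_valid": max(0, int((not_before - now_utc).total_seconds())),
        "key_bits": bits,
        "key_below_2048": bits < 2048,  # 2048 bits is the usual minimum for RSA today
    }

if __name__ == "__main__":
    pacific = timezone(timedelta(hours=-8))  # assumed operator time zone
    # 10:05 local wall clock: the 18:00 GMT start time only looks 8 hours ahead.
    on_time = datetime(2019, 1, 15, 18, 5, tzinfo=timezone.utc)
    # A verifying host whose clock runs behind sees the certificate as not yet valid.
    behind = datetime(2019, 1, 15, 17, 59, tzinfo=timezone.utc)
    for label, now in (("clock correct", on_time), ("clock behind", behind)):
        print(label, check_cert(SAMPLE_TEXT, now, pacific))
```

To run it against a real certificate, pass the text printed by `openssl x509 -in admin.crt -noout -text` in place of `SAMPLE_TEXT`.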

