pfsense_ca
Orion Poplawski edited this page Jan 13, 2023 · 3 revisions
Manage pfSense Certificate Authorities
ADDED IN: version 0.1.0 of pfsensible.core
OPTIONS (= is mandatory):
- certificate
The certificate for the Certificate Authority. This can be in
PEM form or Base64 encoded PEM as a single string (which is
how pfSense stores it).
default: null
type: str
- crl
The Certificate Revocation List for the Certificate Authority.
This can be in PEM form or Base64 encoded PEM as a single
string (which is how pfSense stores it).
default: null
type: str
- crlname
The name of the CRL. This will default to name + ' CRL'. If
multiple CRLs exist with this name, you must specify crlrefid.
default: null
type: str
added in: version 0.5.0 of pfsensible.core
- crlrefid
The reference ID of the CRL. This will default to a unique id
based on time.
default: null
type: str
added in: version 0.5.0 of pfsensible.core
= name
The name of the Certificate Authority
type: str
- randomserial
Use random serial numbers when signing certificates.
default: null
type: bool
added in: version 0.5.0 of pfsensible.core
- serial
Number to be used as a sequential serial number for the next
certificate to be signed by this CA.
default: null
type: int
added in: version 0.5.0 of pfsensible.core
- state
State in which to leave the Certificate Authority
choices: [present, absent]
default: present
type: str
- trust
Add this Certificate Authority to the Operating System Trust
Store.
default: null
type: bool
added in: version 0.5.0 of pfsensible.core
AUTHOR: Orion Poplawski (@opoplawski)
METADATA:
metadata_version: '1.1'
status:
- preview
supported_by: community
EXAMPLES:
- name: Add AD Certificate Authority
  pfsense_ca:
    name: AD CA
    certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGcXpDQ0E1T2dB...
    crl: |
      -----BEGIN X509 CRL-----
      MIICazCCAVMCAQEwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAxMPTldSQSBPcGVu
      ...
      r0hUUy3w1trKtymlyhmd5XmYzINYp8p/Ws+boST+Fcw3chWTep/J8nKMeKESO0w=
      -----END X509 CRL-----
    state: present

- name: Remove AD Certificate Authority
  pfsense_ca:
    name: AD CA
    state: absent
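
The certificate and crl options accept either PEM text or Base64-encoded PEM as a single string. The following pre-flight check is an added example, not code from pfsensible.core: it accepts both forms, rejects malformed input or a mismatched PEM label, and returns both representations. The function name normalize_pem_option and the sample data are assumptions made for illustration, and the check is structural only (it does not parse the DER).

```python
import base64
import binascii
import re

# Constructed sample: the body is Base64 of a placeholder string, not real DER.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed sample, not a real certificate").decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

# One PEM block whose BEGIN and END labels must agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>[A-Za-z0-9+/=\r\n]+?)"
    r"-----END (?P=label)-----"
)


def normalize_pem_option(value, expected_label):
    """Return (pem_text, single_line_base64) for a certificate or crl value.

    Hypothetical helper: accepts PEM text or Base64-encoded PEM and raises
    ValueError for anything else or for an unexpected PEM label.
    """
    text = value.strip()
    if not text.startswith("-----BEGIN "):
        # Not PEM text, so treat it as Base64 of PEM (whitespace tolerated).
        try:
            raw = base64.b64decode("".join(text.split()), validate=True)
            text = raw.decode("ascii")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("value is neither PEM nor Base64-encoded PEM") from exc
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no well-formed PEM block found")
    if match.group("label") != expected_label:
        raise ValueError(f"expected {expected_label}, got {match.group('label')}")
    # The PEM body must itself decode as Base64 (it carries the DER payload).
    try:
        base64.b64decode("".join(match.group("body").split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("PEM body is not valid Base64") from exc
    # Normalize line endings so the same input always yields the same string.
    pem = match.group(0).replace("\r\n", "\n") + "\n"
    return pem, base64.b64encode(pem.encode("ascii")).decode("ascii")
```

Pass "CERTIFICATE" as the expected label for the certificate option and "X509 CRL" for crl, matching the PEM headers used in the examples above.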