Ansible - Setup


L1 Bithead

Hello,

 

I am struggling with the basic setup.

I can use curl to verify I have a user and password that works, but curl can ignore the certificate.

Is there a way for ansible-pan to ignore it as well?

 

Thanks for your help!

1 accepted solution

Accepted Solutions

I found out you have to use a valid certificate.  Either accept the cert by manually updating the keystore or use a trusted CA.  We had a wildcard cert and once that was applied the connections started working and I can manage the firewall with ansible.

 

 


4 REPLIES 4

L0 Member

Are you MiTMing the connection? I guess I am really asking why are you having to ignore the certificate?


L0 Member

If you are on RedHat or CentOS, the easiest way to do this is to export the following environment variable before you run your playbook:

 

$ export PYTHONHTTPSVERIFY=0

This works with virtual environments as well.

That is valid; however, I would not recommend it.

This is a global setting and could be a security risk.

Here are some alternatives that I have used.

1. Use a valid cert

2. Use an SSC and add it to the key store on the server

3. Use the URI ansible module and set validate_certs=no

 

I'm sure there are many others that could be used.
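
One way to apply the alternatives listed above, as an added example that is not code from the thread or from ansible-pan: a Python preflight that refuses to proceed while `PYTHONHTTPSVERIFY=0` is exported and verifies the firewall's certificate against one PEM file instead of switching checks off for the whole process. The function names, the `ca_file` argument and the host passed in are assumptions.

```python
import os
import socket
import ssl

# Process-wide override named in the thread; only the value "0" is treated
# as a bypass by this check (assumption of this example).
GLOBAL_BYPASS_VARS = {"PYTHONHTTPSVERIFY": "0"}


def find_global_bypass(env=None):
    """Return the names of verification-disabling variables set in env."""
    env = os.environ if env is None else env
    return sorted(k for k, v in GLOBAL_BYPASS_VARS.items() if env.get(k) == v)


def scoped_context(ca_file=None):
    """Build a verifying TLS context for a single connection.

    ca_file is a PEM file holding the firewall's self-signed certificate or
    its issuing CA; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # Set explicitly so a changed default cannot silently weaken the check.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def preflight(host, port=443, ca_file=None, env=None, timeout=5):
    """Check the environment and the certificate before running a playbook.

    Returns (ok, message).
    """
    bypass = find_global_bypass(env)
    if bypass:
        return False, "unset before running: " + ", ".join(bypass)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            ctx = scoped_context(ca_file)
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "verified, " + str(tls.version())
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate not trusted: " + exc.verify_message
    except OSError as exc:
        return False, "connection failed: " + str(exc)
```

A "certificate not trusted" result means the PEM file or trust store still needs the firewall's certificate or CA, which is the fix the accepted solution describes.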
