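---
# Certificate lifecycle for Cisco ISE nodes: generate a CSR on each node,
# wait for an operator to have it signed by the CA, then bind the signed
# certificate to the CSR. Connection details (ise_hostname, ise_username,
# ise_password, ise_verify) are expected from inventory/vars; the password
# is never written inline here.
- name: Certificate management
  hosts: ise_servers
  gather_facts: false
  tasks:
    # Trusted-certificate import kept for reference; it is disabled.
    # If re-enabled, note that allowSHA1Certificates and
    # allowBasicConstraintCAFalse relax what ISE accepts as a trust anchor.
    # - name: Import certificate into ISE node
    #   cisco.ise.trusted_certificate_import:
    #     ise_hostname: "{{ ise_hostname }}"
    #     ise_username: "{{ ise_username }}"
    #     ise_password: "{{ ise_password }}"
    #     ise_verify: "{{ ise_verify }}"
    #     data: "{{ lookup('file', item) }}"
    #     description: Root CA public certificate
    #     name: RootCert
    #     allowBasicConstraintCAFalse: true
    #     allowOutOfDateCert: false
    #     allowSHA1Certificates: true
    #     trustForCertificateBasedAdminAuth: true
    #     trustForCiscoServicesAuth: true
    #     trustForClientAuth: true
    #     trustForIseAuth: true
    #     validateCertificateExtensions: true
    #   with_fileglob:
    #     - "/Users/rcampos/Downloads/RootCACert.pem"

    # Generates the CSR and a private key on the node; the CSR id returned
    # by ISE is needed later to bind the signed certificate.
    - name: Generate CSR
      cisco.ise.csr_generate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        # The CN below is not a wildcard; this flag only matters for "*." names.
        allowWildCardCert: true
        subjectCommonName: ise.securitydemo.net
        subjectOrgUnit: Sample OU
        subjectOrg: Sample Org
        subjectCity: San Francisco
        subjectState: CA
        subjectCountry: US
        keyType: ECDSA
        # ECDSA keys are sized by curve (256 or 384), not by an RSA-style bit
        # length; the previous value of 1024 does not match keyType ECDSA.
        keyLength: 256
        digestType: SHA-256
        # Previously "MULTI-USEw" (typo); ISE would not accept that value.
        usedFor: MULTI-USE
      register: csr_result

    # In check mode no CSR is created, so the response has no id to read.
    - name: Set ID value to variable
      ansible.builtin.set_fact:
        csr_id: "{{ csr_result['ise_response']['response'][0]['id'] }}"
      when: not ansible_check_mode

    # Manual gate: the operator submits the CSR to the CA out of band and
    # places the signed certificate where the next task reads it.
    - name: Pause until the CSR has been signed by the CA
      ansible.builtin.pause: {}

    # Binds the CA-signed certificate to the CSR generated above and
    # assigns it to every service role listed (admin, eap, radius, ...).
    - name: Bind Signed Certificate
      cisco.ise.bind_signed_certificate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        admin: true
        allowExtendedValidity: true
        # Lets ISE accept a certificate whose validity window has already
        # lapsed; keep only if that is intended for this deployment.
        allowOutOfDateCert: true
        allowReplacementOfCertificates: true
        allowReplacementOfPortalGroupTag: true
        data: "{{ lookup('file', item) }}"
        hostName: ise.securitydemo.net
        name: My Signed Certificate
        validateCertificateExtensions: true
        id: "{{ csr_id }}"
        eap: true
        radius: true
        pxgrid: true
        ims: true
        portal: true
      # NOTE(review): this glob names RootCACert.pem, the same file used by
      # the disabled trusted-certificate import above; the file bound here
      # should be the CA-signed certificate for this CSR — confirm the path.
      with_fileglob:
        - "/Users/rcampos/Downloads/RootCACert.pem"
      when: not ansible_check_mode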