Generate csr via ansible script

Question

Hi All,
Did any one tried to create CSR via f5 ansible module. I am trying my but can't make it. Written below script but it is unable to find ansible module for csr.&nbsp;
&nbsp;
- name: Generate F5 BIG-IP CSR
  hosts: all
  gather_facts: no
  collections:
    - f5networks.f5_modules
  connection: local
  vars:
    f5_server: "{{ your_f5_server }}"
    f5_username: "{{ your_f5_username }}"
    f5_password: "{{ your_f5_password }}"
    csr_name: "{{ your_csr_name }}"
    csr_common_name: "{{ your_csr_common_name }}"
    csr_subject_alternative_names:
      - "{{ your_csr_sans }}"
    csr_key_size: "{{ your_csr_key_size }}"
    csr_key_type: "{{ your_csr_key_type }}"
    csr_algorithm: "{{ your_csr_algorithm }}"
    csr_key_password: "{{ your_csr_key_password }}"
  tasks:
    - name: Generate CSR
      bigip_device_certificate_csr:
        provider:
          server: "{{ f5_server }}"
          user: "{{ f5_username }}"
          password: "{{ f5_password }}"
          validate_certs: no
        name: "{{ csr_name }}"
        common_name: "{{ csr_common_name }}"
        subject_alternative_names: "{{ csr_subject_alternative_names }}"
        key_size: "{{ csr_key_size }}"
        key_type: "{{ csr_key_type }}"
        algorithm: "{{ csr_algorithm }}"
        key_password: "{{ csr_key_password }}"
      register: csr_result
&nbsp;
ERROR! couldn't resolve module/action 'bigip_device_certificate_csr'. This often indicates a misspelling, missing collection, or incorrect module path.
Please help. Thanks

paulius · Answer

Samir I have not but it seems like a lot of work to go through to generate a CSR. I definitely need to become more familiar with ansible and then maybe I could assist more with this.

samir · Answer

Thank yo so much. Source code is correct, I have install all collections from ansible galaxy. Because reset other F5 ansible playbook is working. Infact I have change module to&nbsp;
f5networks.f5_modules.bigip_profile_client_ssl
But no luck. I feel development team to have a look n advice.

whisperer · Answer

Think you want to use bigip_ssl_csr rather than bigip_device_certificate_csr. Please see the following example:

https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_ssl_csr_module.html

samir · Answer

Above link is only helpful for self-sign cert with no parameter such as (not Country, No Organization, etc). I wanted to generate CA based CSR, so that later i can send to CA for public cert. Used both module&nbsp;bigip_ssl_csr and&nbsp;bigip_device_certificate_csr but no luck.&nbsp;
msg: 'Unsupported parameters for (f5networks.f5_modules.bigip_ssl_csr) module: algorithm, key_size, key_type, mode, subject_alternative_names. Supported parameters include: common_name, dest, force, key_name, name, provider, state.'
I don't see much example.
&nbsp;

nrcasperson · Answer

This worked for me:&nbsp;https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/modules_2_0/bigip_ssl_csr_module.htmlAn equivalent TMSH command would be:tmsh create sys crypto csr www.example.com.csr common-name www.example.com key www.example.com.key subject-alternative-name "DNS:www.example.com, DNS:www2.example.com" country US organization "ACME" ou "Team, Organization, Sales"&nbsp;

Forum Discussion

Generate csr via ansible script

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Power of tmsh commands using Ansible

F5 Automation with Ansible Tips and Tricks

Passing Arguments to iCall Scripts

Ansible module to update BIG-IP root/admin passwords

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS