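---
# Certificate lifecycle on Cisco ISE: generate a CSR on the node, wait for the
# operator to get it signed by the CA, then bind the signed certificate to the
# CSR and enable it for the listed services.
# Connection details (ise_hostname/ise_username/ise_password/ise_verify) are
# expected to be supplied as inventory/extra vars, never hard-coded here.
- name: Certificate management
  hosts: ise_servers
  gather_facts: false
  tasks:
    # Kept from the original playbook; import of the CA's public certificate
    # into the ISE trust store is currently disabled.
    # - name: Import certificate into ISE node
    #   cisco.ise.trusted_certificate_import:
    #     ise_hostname: "{{ ise_hostname }}"
    #     ise_username: "{{ ise_username }}"
    #     ise_password: "{{ ise_password }}"
    #     ise_verify: "{{ ise_verify }}"
    #     data: "{{ lookup('file', item) }}"
    #     description: Root CA public certificate
    #     name: RootCert
    #     allowBasicConstraintCAFalse: true
    #     allowOutOfDateCert: false
    #     # NOTE(review): accepting SHA-1 signed certificates into the trust
    #     # store weakens it; set to false unless the CA chain still needs it.
    #     allowSHA1Certificates: true
    #     trustForCertificateBasedAdminAuth: true
    #     trustForCiscoServicesAuth: true
    #     trustForClientAuth: true
    #     trustForIseAuth: true
    #     validateCertificateExtensions: true
    #   with_fileglob:
    #     - "/Users/rcampos/Downloads/RootCACert.pem"

    - name: Generate CSR
      cisco.ise.csr_generate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        allowWildCardCert: true
        subjectCommonName: ise.securitydemo.net
        subjectOrgUnit: Sample OU
        subjectOrg: Sample Org
        subjectCity: San Francisco
        subjectState: CA
        subjectCountry: US
        keyType: ECDSA
        # 1024 is an RSA modulus size, not an ECDSA curve size; ISE accepts
        # 256/384/521 for ECDSA keys. 256 (P-256) is the smallest valid choice.
        keyLength: 256
        digestType: SHA-256
        # Fixed typo: the original value "MULTI-USEw" is not a valid usedFor value.
        usedFor: MULTI-USE
      # result['ise_response']['response'][0]['id'] is the CSR id needed for binding.
      register: result

    - name: Set ID value to variable
      ansible.builtin.set_fact:
        csr_id: "{{ result['ise_response']['response'][0]['id'] }}"
      # No CSR is created in check mode, so there is no id to extract.
      when: not ansible_check_mode

    # Manual step: the CSR must be signed by the CA out-of-band before binding.
    - name: Pause until the CSR has been signed by the CA
      ansible.builtin.pause:
        prompt: "Sign the CSR with the CA, then press Enter to bind the certificate"

    - name: Bind Signed Certificate
      cisco.ise.bind_signed_certificate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        admin: true
        allowExtendedValidity: true
        # NOTE(review): allowOutOfDateCert: true lets ISE install an already
        # expired certificate; set to false unless deliberately needed.
        allowOutOfDateCert: true
        allowReplacementOfCertificates: true
        allowReplacementOfPortalGroupTag: true
        data: "{{ lookup('file', item) }}"
        hostName: ise.securitydemo.net
        name: My Signed Certificate
        validateCertificateExtensions: true
        # Links the signed certificate to the CSR generated above.
        id: "{{ csr_id }}"
        eap: true
        radius: true
        pxgrid: true
        ims: true
        portal: true
      # NOTE(review): the glob below names the root CA certificate file, while
      # this task expects the CA-signed server certificate for csr_id — confirm
      # the path before running.
      with_fileglob:
        - "/Users/rcampos/Downloads/RootCACert.pem"
      # csr_id is only set outside check mode.
      when: not ansible_check_mode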