
@h3po
Last active August 11, 2021 13:07
Ansible playbook using the community.ciscosmb collection to import externally generated SSL certificates into Cisco Small Business series (SG300/SG500/SG550) switches. A standard PKCS#8 PEM private key is converted with openssl into the PKCS#1 blocks ("RSA PRIVATE KEY" and "RSA PUBLIC KEY") that the switch's crypto certificate import dialog expects; the certificate itself is pasted unchanged.
# run with -e certdir=/some/path to point at the dir with your {{ inventory_hostname }}.pem and .key files
- name: import wildcard certificate to the switches
  hosts: cisco_switch
  gather_facts: false
  become: false
  vars:
    certpath: "{{ certdir }}/{{ inventory_hostname }}.pem"
    keypath: "{{ certdir }}/{{ inventory_hostname }}.key"
    ansible_connection: network_cli
    ansible_network_os: community.ciscosmb.ciscosmb
    ansible_python_interpreter: auto_silent
  tasks:
    # everything in this block runs on the controller, where the files and openssl live
    - name: prepare the certificate and key in cisco format
      delegate_to: localhost
      block:
        - name: check the certificate files
          stat:
            path: "{{ item }}"
          loop:
            - "{{ certpath }}"
            - "{{ keypath }}"
          register: tmp
        - name: fail if file does not exist
          fail:
            msg: "{{ item.item }} does not exist"
          when: not item.stat.exists
          loop: "{{ tmp.results }}"
        - name: read certificate into variable
          set_fact:
            cert: "{{ lookup('file', certpath) }}"
        # OpenSSL 1.x writes the traditional PKCS#1 "BEGIN RSA PRIVATE KEY" block by default.
        # OpenSSL 3.x writes PKCS#8 ("BEGIN PRIVATE KEY") again unless you add -traditional,
        # and the switch rejects that; check the header of tmp1.stdout if the import fails.
        - name: convert private key to pkcs#1 format
          command: "openssl rsa -in {{ keypath }} -outform pem"
          register: tmp1
          no_log: true   # stdout is the private key; keep it out of -v output and logs
        - name: convert public key to pkcs#1 format
          command: "openssl rsa -in {{ keypath }} -outform pem -RSAPublicKey_out"
          register: tmp2
        - name: read keys into variable
          set_fact:
            privkey: "{{ tmp1.stdout }}"
            pubkey: "{{ tmp2.stdout }}"
          no_log: true
        #- debug:
        #    msg: "{{ privkey }}\n{{ pubkey }}\n{{ cert }}\n"
    # the import dialog reads key, public key and certificate until a line with a single "."
    # note: -vvv prints these commands, private key included; add no_log: true once the import works
    - name: upload the certificate and keys
      community.ciscosmb.command:
        commands:
          - config
          - "crypto certificate 2 import\n{{ privkey }}\n{{ pubkey }}\n{{ cert }}\n."
      register: tmp
      failed_when: "'Certificate imported successfully' not in tmp.stdout[1]"   # stdout[1] = output of the import command
    - name: enable the certificate
      community.ciscosmb.command:
        commands:
          - ip https certificate 2
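The two openssl tasks are the whole reason the playbook exists: the switch will not take a PKCS#8 "BEGIN PRIVATE KEY" block, only the traditional PKCS#1 "BEGIN RSA PRIVATE KEY" followed by a PKCS#1 "BEGIN RSA PUBLIC KEY". The Python below is an added example, not part of the gist, that does the same re-framing with the standard library so you can see (and pre-check) what the conversion actually changes: PKCS#8 is just the PKCS#1 RSAPrivateKey wrapped in a PrivateKeyInfo SEQUENCE with an algorithm identifier, and RSAPublicKey is the n and e INTEGERs of that key wrapped in a SEQUENCE. It also covers the cases the playbook does not: a key that is already PKCS#1 passes through, and encrypted or non-RSA (e.g. EC) keys are rejected before anything is pasted into the switch. All function names, the toy RSA numbers (n=3233, e=17, d=2753) and the certificate placeholder are constructed for this example; the toy key is not usable for anything. Since it does not shell out, the output is the same whether the controller has OpenSSL 1.1 or 3.x.

```python
"""Re-frame a PKCS#8 RSA private key as the PKCS#1 blocks a Cisco SG-series
'crypto certificate N import' dialog expects, and derive the matching PKCS#1
RSAPublicKey. Stdlib only. Example code, not from the gist: it does what the
playbook's two 'openssl rsa' tasks do, with the DER surgery made explicit."""
import base64
import textwrap

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


# --- minimal DER encode/decode ---------------------------------------------
def der_len(n: int) -> bytes:
    """DER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value


def der_int(v: int) -> bytes:
    """DER INTEGER for v >= 0; a leading 0x00 keeps a set high bit positive."""
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    return der_tlv(0x02, (b"\x00" if body[0] & 0x80 else b"") + body)


def der_read(buf: bytes, pos: int = 0):
    """Decode one TLV at buf[pos] -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(seq_body: bytes) -> list:
    """Raw TLVs (tag+length+value) inside a SEQUENCE body, in order."""
    out, pos = [], 0
    while pos < len(seq_body):
        _, _, end = der_read(seq_body, pos)
        out.append(seq_body[pos:end])
        pos = end
    return out


# --- PEM framing -------------------------------------------------------------
def pem_decode(pem: str):
    """Return (label, DER bytes) of a single PEM block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    label = lines[0][len("-----BEGIN "):-len("-----")]
    return label, base64.b64decode("".join(lines[1:-1]))


def pem_encode(label: str, der: bytes) -> str:
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----"


# --- the conversion the playbook delegates to openssl ------------------------
def pkcs8_to_pkcs1(key_pem: str) -> bytes:
    """Return the DER RSAPrivateKey (PKCS#1) for a PEM private key.

    A PKCS#8 'PRIVATE KEY' is unwrapped after checking its algorithm is
    rsaEncryption; an already-PKCS#1 'RSA PRIVATE KEY' passes through;
    encrypted or non-RSA keys raise instead of being pasted into the switch."""
    label, der = pem_decode(key_pem)
    if label == "RSA PRIVATE KEY":
        return der
    if label != "PRIVATE KEY":
        raise ValueError(f"unsupported PEM label {label!r}")
    tag, body, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("PrivateKeyInfo must be a SEQUENCE")
    _version, alg_id, private_key = der_children(body)[:3]
    oid_tlv = der_children(der_read(alg_id)[1])[0]      # AlgorithmIdentifier.algorithm
    if der_read(oid_tlv)[1] != RSA_ENCRYPTION_OID:
        raise ValueError("not an RSA key; the switch import only accepts RSA")
    return der_read(private_key)[1]                     # OCTET STRING contents = RSAPrivateKey


def rsa_public_key_from_private(pkcs1_der: bytes) -> bytes:
    """PKCS#1 RSAPublicKey = SEQUENCE { n, e }, with the INTEGER TLVs copied
    verbatim from RSAPrivateKey = SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv }."""
    fields = der_children(der_read(pkcs1_der)[1])
    if len(fields) < 9:
        raise ValueError("malformed RSAPrivateKey")
    return der_tlv(0x30, fields[1] + fields[2])


def switch_import_payload(key_pem: str, cert_pem: str) -> str:
    """Text pasted after 'crypto certificate N import': private key, public
    key, certificate, then a lone '.' that ends the dialog."""
    priv = pkcs8_to_pkcs1(key_pem)
    pub = rsa_public_key_from_private(priv)
    return "\n".join([pem_encode("RSA PRIVATE KEY", priv),
                      pem_encode("RSA PUBLIC KEY", pub), cert_pem.strip(), "."])


# --- constructed sample input (NOT a real key: textbook RSA numbers) ----------
def sample_pkcs8_pem() -> str:
    """PKCS#8 PEM wrapping the toy key n=3233, e=17, d=2753 (p=61, q=53)."""
    rsa_key = der_tlv(0x30, b"".join(der_int(x) for x in (0, 3233, 17, 2753, 61, 53, 53, 49, 38)))
    alg_id = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
    return pem_encode("PRIVATE KEY", der_tlv(0x30, der_int(0) + alg_id + der_tlv(0x04, rsa_key)))


if __name__ == "__main__":
    cert_placeholder = "-----BEGIN CERTIFICATE-----\n(your certificate PEM here)\n-----END CERTIFICATE-----"
    print(switch_import_payload(sample_pkcs8_pem(), cert_placeholder))
```

Running it prints the exact text the upload task sends after crypto certificate 2 import, ending with the lone dot. The same functions could replace the two command tasks in a script run with delegate_to: localhost, which also keeps the private key out of command stdout and makes the "switch says the key is invalid" failure a controller-side ValueError instead.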