sophos.sophos_firewall.sfos_certificate_authority module – Manage Certificate Authorities (System > Certificates > Certificate Authorities)

Note

This module is part of the sophos.sophos_firewall collection (version 2.5.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_certificate_authority.

New in sophos.sophos_firewall 2.5.0

Synopsis

• Creates, updates, and removes certificate authorities on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

• sophosfirewall-python

• Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter	Comments
ca_cert_file string	Path to the certificate to be uploaded
ca_private_key_file string	Path to the private key to be uploaded
format string	Format of the root certificate you uploaded Choices: "PEM" "DER"
name string / required	Name of the certificate authority
password string	Specify the password to access the private key
state string / required	Use present to create or update certificate authority Use update to update an existing certificate authority Use absent to remove certificate authority Choices: "present" "update" "absent"

Examples

- name: Add Certificate Authority
  sophos.sophos_firewall.sfos_certificate_authority:
    name: MY_CA
    format: PEM
    ca_cert_file: /path/to/ca_certificate.pem
    ca_private_key_file: /path/to/ca_private_key.key
    password: ca_password
    state: present

- name: Update Certificate Authority
  sophos.sophos_firewall.sfos_certificate_authority:
    name: MY_CA
    format: DER
    ca_cert_file: /path/to/updated_ca_certificate.der
    state: update

- name: Remove Certificate Authority
  sophos.sophos_firewall.sfos_certificate_authority:
    name: MY_CA
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
api_response dictionary	Serialized object containing the API response. Returned: always

Authors

• Matt Mullen (@mamullen13316)

Collection links

• Issue Tracker
• Repository (Sources)

Warning

If the firewall is a member of a group in Central, the changes made by Ansible will override the settings of the group. The actual configuration on the firewall may then differ from what is displayed for the same setting in the Central group.