Open oelu opened 1 year ago
Hi @oelu ,
Thank you for raising this issue. The rename CA certificate function should be achieved by https://ansible-galaxy-fortios-docs-beta.readthedocs.io/en/latest/gen/fortios_certificate_ca.html, but there is a conflict since the argument "name" is also used as a key to locate the certificate. I will report it to the development team for further investigation. For now I suggest using the GUI or the CLI command
FortiGate-201E (ca) # rename CA_Cert_1 to import.vpn-certificate.ca
as a temporary solution. Sorry for any inconvenience.
Thanks, Maxx
Hello, is there an update on this?
Maybe this can be solved with an action: rename setting, like this:
- name: Rename certificate
  fortios_certificate_ca:
    vdom: "{{ vdom }}"
    access_token: "{{ access_token }}"
    action: rename
    self: CA_Cert_1
    to: MyFavoriteCert
Actually I can see on FNDN that the POST /vpn.certificate/ca API already supports an action parameter, but only for action: clone. Adding action: rename to this API would be great, pleaseeee :)
EDIT: Ok I attempted to "rename" by just cloning and then deleting the original, but I could not get it to work:
- name: Attempt CA rename
  fortios_json_generic:
    vdom: "{{ vdom }}"
    access_token: "{{ fortios_access_token }}"
    json_generic:
      method: POST
      path: /api/v2/cmdb/vpn.certificate/ca
      dictbody:
        name: CA_Cert_1
      specialparams: 'action=clone&nkey=MyFavoriteCert'
results in a 405:
fatal: [devicename]: FAILED! => changed=false
  meta:
    action: clone
    build: 601
    http_method: POST
    http_status: 405
    name: ca
    path: vpn.certificate
    serial: <my serial>
    status: error
    vdom: root
    version: v7.0.14
  msg: Unable to precess the request, please provide correct parameters and make sure the path exists.
and the httpsd debug logs on the forti say:
[httpsd 19921 - 1710773464 info] api_cmdb_request_init_by_path[1651] -- new CMDB query (path='vpn.certificate',name='ca')
[httpsd 19921 - 1710773464 info] handle_cli_req_v2[3006] -- no method found for requested action: clone
[httpsd 19921 - 1710773464 info] handle_cli_req_v2[3124] -- returning to original vdom "root"
[httpsd 19921 - 1710773464 warning] api_return_http_result[1272] -- API error 405 raised
[httpsd 19921 - 1710773464 info] fweb_debug_final[306] -- Completed POST request for "/api/v2/cmdb/vpn.certificate/ca" (HTTP 405)
When importing a file certificate with the monitor selector import.vpn-certificate.ca (1), it is not possible to specify a name for the imported certificate. Instead the FortiGate issues a name in the format CA_Cert_1, CA_Cert_2, ... This makes it hard to reference said certificate in later scripts. I'd like to see an additional certname parameter in the REST API and Ansible library to set the name of the imported certificate. I am using FOS v7.2.3.