You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I'm trying to generate the CSR for a lab switch with FOS v9.1.1d2 using brocade_fos_command but I noticed with the v9.1.x when generating the CSR there is an additional question "Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):" where we can now add total 16 DNS's. With this options the brocade_fos_command is messing up the CSR.
Here is the issue. We are planning to add only one entry with the switch FQDN for "Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):" but when I use the brocade_fos_command module it's adding the same switch FQDN for all 16 DNS's instead of just one time which is what I'm looking for. Please review below details and let me now how to proceed.
CLI Command Process:
labswitch:switchansible> seccertmgmt generate -csr https
Generating a CSR will automatically do the following:
Delete all existing CSRs.
Warning:
Key-pair generation is CPU intensive and can cause high CPU usage
Private IPs and hostnames should not be part of SCN and/or SAN per CA/Browser forum.
Continue (yes, y, no, n): [no] yes
Country Name (2 letter code, eg, US):US
State or Province Name (full name, eg, California):state1
Locality Name (eg, city name):city1
Organization Name (eg, company name):company1
Organizational Unit Name (eg, department name):test1
Common Name (Fully qualified Domain Name, or IP address):labswitch.domain.com
Email Address:[email protected] Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com
Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):
Subject Alternative Name, IPAddress (IP v4 or v6 address):
Generating CSR, file name is: 10.10.10.10.csr
labswitch:switchansible>
Switch Output: (Correct)
labswitch:switchansible> seccertmgmt show -csr https
X509v3 Subject Alternative Name:
DNS:labswitch.domain.com
Playbook:
tasks:
name: Generate new https CSR on the SAN switch.
brocade_fos_command:
switch_login: switchansible
switch_password: "{{ ansible_password }}"
switch_address: "{{ fos_ip_addr }}"
command_set:
- command: seccertmgmt generate -csr https
prompts:
- question: Continue (yes, y, no, n)
response: "yes"
- question: Country Name (2 letter code, eg, US)
response: "US"
- question: State or Province Name (full name, eg, California)
response: "state1"
- question: Locality Name (eg, city name)
response: "city1"
- question: Organization Name (eg, company name)
response: "company1"
- question: Organizational Unit Name (eg, department name)
response: "test1"
- question: Common Name (Fully qualified Domain Name, or IP address)
response: "labswitch.domain.com"
- question: Email Address
response: "[email protected]" - question: Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address)
response: "labswitch.domain.com"
- question: Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address)
response: ''
- question: Subject Alternative Name, IPAddress (IP v4 or v6 address)
response: ''
no_log: True
Playbook Output:
TASK [print new CSR creation details from the switch] **************************
ok: [labswitch] => {
"ansible_facts4": {
"changed": false,
"failed": false,
"messages": [
"labswitch:switchansible> seccertmgmt generate -csr https",
"Generating a CSR will automatically do the following:",
"Delete all existing CSRs.",
"",
"Warning:",
"\tKey-pair generation is CPU intensive and can cause high CPU usage",
"\tPrivate IPs and hostnames should not be part of SCN and/or SAN per CA/Browser forum.",
"",
"",
"Continue (yes, y, no, n): [no] yes",
"Country Name (2 letter code, eg, US):US",
"State or Province Name (full name, eg, California):state1",
"Locality Name (eg, city name):city1",
"Organization Name (eg, company name):company1",
"Organizational Unit Name (eg, department name):test1",
"Common Name (Fully qualified Domain Name, or IP address):labswitch.domain.com",
"Email Address:[email protected]", "Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, IPAddress (IP v4 or v6 address):",
"Generating CSR, file name is: 10.10.10.10.csr",
"labswitch:switchansible> "
],
Hello, I'm trying to generate the CSR for a lab switch with FOS v9.1.1d2 using brocade_fos_command but I noticed with the v9.1.x when generating the CSR there is an additional question "Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):" where we can now add total 16 DNS's. With this options the brocade_fos_command is messing up the CSR.
Here is the issue. We are planning to add only one entry with the switch FQDN for "Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):" but when I use the brocade_fos_command module it's adding the same switch FQDN for all 16 DNS's instead of just one time which is what I'm looking for. Please review below details and let me now how to proceed.
CLI Command Process:
labswitch:switchansible> seccertmgmt generate -csr https
Generating a CSR will automatically do the following:
Delete all existing CSRs.
Warning:
Key-pair generation is CPU intensive and can cause high CPU usage
Private IPs and hostnames should not be part of SCN and/or SAN per CA/Browser forum.
Continue (yes, y, no, n): [no] yes
Country Name (2 letter code, eg, US):US
State or Province Name (full name, eg, California):state1
Locality Name (eg, city name):city1
Organization Name (eg, company name):company1
Organizational Unit Name (eg, department name):test1
Common Name (Fully qualified Domain Name, or IP address):labswitch.domain.com
Email Address:[email protected]
Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com
Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):
Subject Alternative Name, IPAddress (IP v4 or v6 address):
Generating CSR, file name is: 10.10.10.10.csr
labswitch:switchansible>
Switch Output: (Correct)
labswitch:switchansible> seccertmgmt show -csr https
X509v3 Subject Alternative Name:
DNS:labswitch.domain.com
Playbook:
tasks:
brocade_fos_command:
switch_login: switchansible
switch_password: "{{ ansible_password }}"
switch_address: "{{ fos_ip_addr }}"
command_set:
- command: seccertmgmt generate -csr https
prompts:
- question: Continue (yes, y, no, n)
response: "yes"
- question: Country Name (2 letter code, eg, US)
response: "US"
- question: State or Province Name (full name, eg, California)
response: "state1"
- question: Locality Name (eg, city name)
response: "city1"
- question: Organization Name (eg, company name)
response: "company1"
- question: Organizational Unit Name (eg, department name)
response: "test1"
- question: Common Name (Fully qualified Domain Name, or IP address)
response: "labswitch.domain.com"
- question: Email Address
response: "[email protected]"
- question: Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address)
response: "labswitch.domain.com"
- question: Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address)
response: ''
- question: Subject Alternative Name, IPAddress (IP v4 or v6 address)
response: ''
no_log: True
Playbook Output:
TASK [print new CSR creation details from the switch] **************************
ok: [labswitch] => {
"ansible_facts4": {
"changed": false,
"failed": false,
"messages": [
"labswitch:switchansible> seccertmgmt generate -csr https",
"Generating a CSR will automatically do the following:",
"Delete all existing CSRs.",
"",
"Warning:",
"\tKey-pair generation is CPU intensive and can cause high CPU usage",
"\tPrivate IPs and hostnames should not be part of SCN and/or SAN per CA/Browser forum.",
"",
"",
"Continue (yes, y, no, n): [no] yes",
"Country Name (2 letter code, eg, US):US",
"State or Province Name (full name, eg, California):state1",
"Locality Name (eg, city name):city1",
"Organization Name (eg, company name):company1",
"Organizational Unit Name (eg, department name):test1",
"Common Name (Fully qualified Domain Name, or IP address):labswitch.domain.com",
"Email Address:[email protected]",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, DNS (Fully Qualified Domain Name, or IP Address):labswitch.domain.com",
"Subject Alternative Name, IPAddress (IP v4 or v6 address):",
"Generating CSR, file name is: 10.10.10.10.csr",
"labswitch:switchansible> "
],
Switch Output: (incorrect)
labswitch:switchansible> seccertmgmt show -csr https
X509v3 Subject Alternative Name:
DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com, DNS:labswitch.domain.com
The text was updated successfully, but these errors were encountered: