Certificate validation errors connecting to Windows Servers with Self-signed certs

Since 2.7.9, Python validates and rejects invalid or self-signed certs by default. The current setup script to configure remoting for ansible creates a self-signed cert for the HTTPS connector and as a result connections to it fail.

I've documented the bug here https://github.com/ansible/ansible/pull/10132 and created a fix to allow configuration of a certificate to validate the connection. The cert created on the target server can be extracted, converted to a pem file and provided either through the ansible config or via a command line switch.

This command can be used to extract the certificate

PS C:\Users\sgargan> Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Export-Certificate -Type CERT -FilePath "C:\Users\sgargan\ansible.cer" -Verbose

and to convert this to a pem

openssl x509 -outform pem -in ansible.cer -inform der -out ansible.pem

Might be an idea to allow a cert to be passed to the remoting configuration script? What are your thoughts?

thanks,

Steve.

Thanks for finding this one.

Do you mean passing a cert to https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 ?

I guess that would be useful for those with a CA signed cert, but I’d imagine there would likely still be a need for self-signed certs.

I guess my preference would be for ansible to be able to look up the cert in the local trust store, rather than having to point it at a file, which I imagine could get tedious with a lot of hosts.

Would that be possible?

Jon
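
The following is an added example, not code from this thread or from Ansible. It goes one step beyond the single-cert case above: it does the same DER-to-PEM conversion as the openssl command in Python, merges the exported certs of several hosts into one PEM bundle, and builds a TLS context that trusts only that bundle while keeping validation on. The function names are hypothetical and the sample bytes are constructed placeholders, not real certificates.

```python
import hashlib
import ssl


def der_to_pem(der: bytes) -> str:
    """Same conversion as `openssl x509 -inform der -outform pem`."""
    return ssl.DER_cert_to_PEM_cert(der)


def build_bundle(host_certs: dict) -> tuple:
    """Merge per-host DER certs into one PEM bundle.

    Returns (bundle_text, {host: sha256_hex}). Identical certs (for example
    hosts cloned from one image) are written to the bundle only once.
    """
    seen, blocks, prints = set(), [], {}
    for host in sorted(host_certs):
        der = host_certs[host]
        digest = hashlib.sha256(der).hexdigest()
        prints[host] = digest
        if digest not in seen:
            seen.add(digest)
            blocks.append(der_to_pem(der))
    return "".join(blocks), prints


def split_bundle(bundle: str) -> list:
    """Recover the DER certs from a PEM bundle, e.g. to audit its contents."""
    end = "-----END CERTIFICATE-----"
    parts = [p for p in bundle.split(end) if p.strip()]
    return [ssl.PEM_cert_to_DER_cert(p.strip() + "\n" + end) for p in parts]


def verifying_context(bundle_path: str) -> ssl.SSLContext:
    """TLS context that trusts only the certs in bundle_path.

    Passing cafile stops create_default_context from loading the system
    CA store; certificate and hostname checks both stay enabled.
    """
    return ssl.create_default_context(cafile=bundle_path)


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for exported .cer files.
    sample = {"win01": b"\x30\x82constructed-A", "win02": b"\x30\x82constructed-B"}
    bundle, prints = build_bundle(sample)
    print(bundle.count("BEGIN CERTIFICATE"), prints)
```

Because hostname checking stays enabled in `verifying_context`, the name used to connect has to match a name in the host's certificate.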