Signature based authentication

Hello All,

I am trying to follow this process outlined below for Ansible to authenticate to the APIC controller using signature-based authentication.

https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#signature-based-authentication-using-certificates

I need to determine where the openssl command is run. Is it run on the APIC controller or the Ansible controller?

Generate certificate and private key

Signature-based authentication requires a (self-signed) X.509 certificate with private key, and a configuration step for your AAA user in ACI. To generate a working X.509 certificate and private key, use the following procedure:

$ openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout admin.key -out admin.crt -subj '/CN=Admin/O=Your Company/C=US'

If you read the whole page you are linking to, you will find your answer:
https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#running-on-the-controller-locally

Hi Tariq,

You generate this key on your Ansible control system.

Thanks,
Thomas

Thanks Tom for all your help.

Hey Tariq,

One issue to be aware of. When I generated my certificate and keys, it had the start time set for 8 hours ahead of time. I can only imagine it set this because of GMT time and I am US PST. You can check the start time for the cert with the following command:

openssl x509 -in (name of cert).crt -text

Hope this helps.

Thanks,
Thomas
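
Added example (not part of the thread or of the Ansible documentation): openssl prints the notBefore/notAfter dates in GMT, so this check parses the output of `openssl x509 -in admin.crt -noout -startdate -enddate` and compares it with the current time in UTC rather than local time. The sample output, the fixed PST offset and the function names are constructed for illustration.

```python
# Added example: parse the validity dates printed by
#   openssl x509 -in admin.crt -noout -startdate -enddate
# and compare them with the current time in UTC.
from datetime import datetime, timedelta, timezone

# Constructed sample output (not from a real certificate).
SAMPLE = """notBefore=Mar  5 16:00:00 2024 GMT
notAfter=Feb 10 16:00:00 2124 GMT
"""

def parse_validity(openssl_output):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # openssl pads single-digit days with an extra space; collapse it.
            value = " ".join(value.split())
            if not value.endswith(" GMT"):
                raise ValueError("unexpected date format: " + value)
            parsed = datetime.strptime(value[:-4], "%b %d %H:%M:%S %Y")
            fields[key] = parsed.replace(tzinfo=timezone.utc)
    if len(fields) != 2:
        raise ValueError("notBefore/notAfter not found")
    return fields["notBefore"], fields["notAfter"]

def validity_status(openssl_output, now=None):
    """Classify the certificate as 'not yet valid', 'valid' or 'expired'."""
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    not_before, not_after = parse_validity(openssl_output)
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "valid"

if __name__ == "__main__":
    pst = timezone(timedelta(hours=-8))  # assumed fixed offset, ignores DST
    start, end = parse_validity(SAMPLE)
    print("notBefore in UTC:", start.isoformat())
    print("notBefore in PST:", start.astimezone(pst).isoformat())
    print("status now:", validity_status(SAMPLE))
```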