Hey Tariq, One issue to be aware of. When I generated my certificate and keys, it had the start time set for 8 hours ahead of time. I can only imagine it set this because of GMT time and I am US PST. You can check the start time for the cert with the following command:
openssl x509 -in (name of cert).crt -text Hope this helps. Thanks, Thomas On Wed, Jul 3, 2019 at 11:32 AM Tariq Iqbal <[email protected]> wrote: > Thanks Tom for all your help. > > On Tuesday, July 2, 2019 at 4:47:00 PM UTC-5, Thomas Renzy wrote: >> >> Hi Tariq, >> >> You generate this key on your Ansible control system. >> >> Thanks, >> Thomas >> >> >> On Tue, Jul 2, 2019 at 1:38 PM Tariq Iqbal <[email protected]> wrote: >> >>> Hello All, >>> >>> I am trying to follow this process outlined below for Ansible to >>> authenicate to APIC controller using signature based authentication. >>> >>> >>> https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#signature-based-authentication-using-certificates >>> >>> I need to determine where the open ssl command is ran. Is it ran on the >>> APIC controller or the Ansible controller? >>> >>> Generate certificate and private key >>> <https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html#generate-certificate-and-private-key> >>> >>> Signature-based authentication requires a (self-signed) X.509 >>> certificate with private key, and a configuration step for your AAA user in >>> ACI. To generate a working X.509 certificate and private key, use the >>> following procedure: >>> >>> $ openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout >>> admin.key -out admin.crt -subj '/CN=Admin/O=Your Company/C=US' >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/150a025e-2846-46a7-9541-a1de3f7358c1%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/150a025e-2846-46a7-9541-a1de3f7358c1%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/b5f84d36-2446-4611-8dff-fea5a7b116d8%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/b5f84d36-2446-4611-8dff-fea5a7b116d8%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2B8veMEPcv4Qov2ZLCDafE9CYyT5%3DvpVx0QPEHtJ3NLGSHzmNQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
