Hello,
I have some Windows machines to which I connect correctly using a 
certificate.

It works for both WinRM and PSRP (hop node). I am doing certificate renewal 
tests, and with the new certificate I am able to connect to the WinRM 
machines (direct connection), but the ones using PSRP (hop node) 
fail:
FAILED! => {"changed": false, "elapsed": 5, "msg": "timed out waiting for 
ping module test success: failed to authenticate with the server: Failed to 
authenticate the user XXXXX with certificate"}

If I install the new public certificate on the destination and on the 
Ansible node it works, but then I would be forced to renew all the 
certificates of the PSRP park, and lose the connection until the 
keys are renewed on the Ansible nodes.
This behavior does not occur on machines where I connect directly with 
WinRM, where old/new certificate pairs are able to coexist.

WinRM: 
Ansible node: certs_old Client: certs_old connection: ok
Ansible node: certs_old Client: certs_new connection: ok
Ansible node: certs_new Client: certs_old connection: ok
Ansible node: certs_new Client: certs_new connection: ok
PSRP:
Ansible node: certs_old Client: certs_old connection: ok
Ansible node: certs_old Client: certs_new connection: KO
Ansible node: certs_new Client: certs_old connection: KO
Ansible node: certs_new Client: certs_new connection: ok

Can you think of what the reason could be and what solution to apply?

Thank you very much
