Overview

The Sectigo Ansible integration provides a seamless solution for the enrollment, collection, and revocation of SSL/TLS and client (S/MIME) certificates issued by the Sectigo Certificate Manager (SCM) through Ansible playbooks. The Sectigo Ansible integration is distributed as an Ansible role.

It provides the following features:

  • RSA 2048, 3072, and 4096-bit private key generation

  • ECC secp256r1, secp384r1, and secp521r1 private key generation

  • Certificate Signing Request (CSR)

  • Detailed command line help

The Sectigo Ansible integration supports both the generation of new SSL and client certificates and the detection of existing certificates stored in a location accessible to the role at runtime. When an existing certificate is used, the integration also checks its validity. Different types of SSL certificates can be requested by supplying the appropriate configuration options.

[Figure: Ansible Sectigo integration]

The types of SSL/TLS certificates available to you are based on your account setup.

Package contents

The Sectigo Ansible integration package for Linux contains the Ansible role for Sectigo, which uses a Python module to interact with the SCM REST APIs to provision SSL/TLS and client (S/MIME) certificates. The package contents are the following:

  • defaults:

    • main.yml: The default variable values

  • library:

    • sectigo_ansible.py: The Sectigo Ansible module

  • meta:

    • main.yml: The role dependencies and metadata

  • module_utils:

    • init.py: A Python Knowledge file

    • sectigo_api_client.py: The utility library for the module

  • tasks: The role tasks

  • tests: Tests and example playbooks

[Figure: Sectigo Ansible integration package]

The module is packaged in a .zip file. If you follow the Ansible best practices for the directory layout, you only need to unzip the package under the roles folder.

The following is an example of the expected layout:

  • my-playbook/: The playbook directory

    • example-playbook.yml: The playbook that uses the role

    • roles/

      • sectigo_ansible/: The sectigo_ansible role directory

Otherwise, unzip the package into any of the folders defined in your roles search path.
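Before unzipping a role package into a roles folder, it is worth confirming that every archive entry stays inside the role directory and that the files listed under Package contents are present. The following is an added example, not part of the Sectigo package; it assumes the archive has a top-level sectigo_ansible/ folder, and the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Files and directories listed under "Package contents". The top-level
# folder name inside the archive is an assumption of this example.
ROLE = "sectigo_ansible"
EXPECTED_FILES = [
    "defaults/main.yml",
    "library/sectigo_ansible.py",
    "meta/main.yml",
    "module_utils/sectigo_api_client.py",
]
EXPECTED_DIRS = ["tasks", "tests"]


def audit_role_archive(zf):
    """Return a list of problems found in an open ZipFile; empty means OK."""
    problems = []
    names = [n.replace("\\", "/") for n in zf.namelist()]
    for name in names:
        norm = posixpath.normpath(name)
        # Entries that would be written outside the extraction folder.
        if name.startswith("/") or norm == ".." or norm.startswith("../"):
            problems.append(f"unsafe path: {name}")
        elif norm != ROLE and not norm.startswith(ROLE + "/"):
            problems.append(f"outside role directory: {name}")
    for rel in EXPECTED_FILES:
        if f"{ROLE}/{rel}" not in names:
            problems.append(f"missing file: {rel}")
    for rel in EXPECTED_DIRS:
        prefix = f"{ROLE}/{rel}/"
        if not any(n.startswith(prefix) for n in names):
            problems.append(f"missing directory: {rel}")
    return problems


def build_sample(extra=()):
    """Constructed in-memory archive standing in for the real package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for rel in EXPECTED_FILES + ["tasks/main.yml", "tests/test.yml", *extra]:
            zf.writestr(f"{ROLE}/{rel}", "# constructed sample\n")
    buf.seek(0)
    return zipfile.ZipFile(buf)
```

For a downloaded package, open it with zipfile.ZipFile(path) and extract only when audit_role_archive returns an empty list.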

The sectigo_ansible/defaults/main.yml file provides an example variable file with values for each role variable. For more information on running the role, see Running a playbook using the role.