Fix vtl verification
This patch fixes a couple of issues that were causing the NTLS
connection to fail:
* Changed the CN used in the client cert to be the FQDN to ensure that
the CN and hostname match.
* Modified the scp commands to add the '-O' option to use the legacy scp
protocol.
Change-Id: I8996872d917ba9cbeaeb2a1c9a25e9db98713252
(cherry picked from commit 5c101144bc
)
parent
81dac46114
commit
757c2e0426
@ -32,7 +32,7 @@
|
||||
client_name: "{{ ansible_facts['fqdn'] }}"
|
||||
client_reg_opt: "-hostname"
|
||||
client_host: "{{ ansible_facts['fqdn'] }}"
|
||||
client_cert_cn: "{{ inventory_hostname }}"
|
||||
client_cert_cn: "{{ ansible_facts['fqdn'] }}"
|
||||
when: lunasa_client_ip is undefined
|
||||
|
||||
- name: Set client facts for IP override
|
||||
|
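Review bot: `client_cert_cn` now comes from `ansible_facts['fqdn']`, a value the managed host reports about itself, and nothing visible here validates it before it becomes the certificate CN and, in the "Copy the NTL client cert" task of this commit, part of a file path inside a shell command. A host without a properly configured FQDN may report a short name or a localhost alias, which would bring back the CN/hostname mismatch this change is meant to remove. A guard ahead of this task would catch that early, for example an `ansible.builtin.assert` with `that: ansible_facts['fqdn'] is match('^[A-Za-z0-9][A-Za-z0-9.-]*$')`. The task starts above the hunk and the following "Set client facts for IP override" task is cut off, so whether the override path sets `client_cert_cn` consistently cannot be confirmed from here.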
@ -6,7 +6,7 @@
|
||||
- name: Get the hsm server cert from the hsm_server
|
||||
ansible.builtin.shell: >
|
||||
sshpass -p '{{ hsm_admin_password }}'
|
||||
scp -o StrictHostKeyChecking=false -c aes256-cbc
|
||||
scp -O -o StrictHostKeyChecking=false -c aes256-cbc
|
||||
admin@{{ hsm_hostname }}:server.pem
|
||||
/usr/safenet/lunaclient/bin/{{ hsm_hostname }}.pem
|
||||
args:
|
||||
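Review bot: The rewritten scp line still carries `-o StrictHostKeyChecking=false`, so the host that supplies `server.pem` is never authenticated, even though that file is what the client goes on to trust as the HSM's identity for NTLS. Whoever answers for `hsm_hostname` on the network path can return a certificate of their own choosing and is also sent the admin password that sshpass supplies. I would pin the appliance's SSH host key before this task (for instance an `ansible.builtin.known_hosts` entry fed from inventory) and reduce the line to `scp -O -c aes256-cbc`. The task continues past `args:` outside the hunk, so anything handled there is not visible.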
@ -52,7 +52,7 @@
|
||||
block:
|
||||
- name: Copy the NTL client cert to the HSM
|
||||
ansible.builtin.shell: >
|
||||
sshpass -p '{{ hsm_admin_password }}' scp -c aes256-cbc
|
||||
sshpass -p '{{ hsm_admin_password }}' scp -O -c aes256-cbc
|
||||
/usr/safenet/lunaclient/cert/client/{{ client_cert_cn }}.pem
|
||||
admin@{{ hsm_hostname }}:{{ client_host }}.pem
|
||||
|
||||
|
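Review bot: `sshpass -p '{{ hsm_admin_password }}'` places the HSM admin password on the command line, where it is readable in the process list and can surface in Ansible's task output unless `no_log` is set; the server-cert fetch in the earlier hunk has the same pattern. A password containing a single quote would also break the quoting of this shell string. Reading it from the environment avoids both: `sshpass -e scp -O -c aes256-cbc` with `environment: {SSHPASS: "{{ hsm_admin_password }}"}` and `no_log: true` on the task. The enclosing block starts above the hunk and the task's remaining keys are not shown, so `no_log` may already be set there. Separately, scp builds that predate the `-O` option will reject it, so the minimum OpenSSH version on the client hosts is worth stating.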