zscaler.zpacloud.zpa_enrollement_certificate_info module – Retrieves enrollment certificate information.

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_enrollement_certificate_info.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This module retrieves the details of an Enrollment Certificate from the ZPA Cloud.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Each entry lists the parameter, its type, and comments.

  • client_id (string): The client ID for OAuth2 authentication. Required for OneAPI client authentication when use_legacy_client=false.
  • client_secret (string): The client secret for OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using private_key.
  • cloud (string): The ZPA cloud provisioned for your organization. Used for OneAPI client authentication when use_legacy_client=false. Choices: "BETA", "GOV", "GOVUS", "PRODUCTION", "QA", "QA2", "PREVIEW", "beta", "production"
  • customer_id (string): The ZPA tenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
  • id (string): ID of the Enrollment Certificate.
  • microtenant_id (string): The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
  • name (string): Name of the Enrollment Certificate.
  • private_key (string): The private key for JWT-based OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.
  • provider (dictionary): A dict containing authentication credentials.
      • client_id (string): The client ID for OAuth2 authentication. Required for OneAPI client authentication when use_legacy_client=false.
      • client_secret (string): The client secret for OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using private_key.
      • cloud (string): The ZPA cloud provisioned for your organization. Used for OneAPI client authentication when use_legacy_client=false. Choices: "BETA", "GOV", "GOVUS", "PRODUCTION", "QA", "QA2", "PREVIEW", "beta", "production"
      • customer_id (string): The ZPA tenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
      • microtenant_id (string): The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
      • private_key (string): The private key for JWT-based OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.
      • use_legacy_client (boolean): Whether to use the legacy Zscaler API client. When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication. When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication. Choices: false (default), true
      • vanity_domain (string): The vanity domain provisioned by Zscaler for OAuth2 flows. Required for OneAPI client authentication when use_legacy_client=false.
      • zpa_client_id (string): The ZPA API client ID generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
      • zpa_client_secret (string): The ZPA API client secret generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
      • zpa_cloud (string): The ZPA cloud provisioned for your organization. Required for legacy client authentication when use_legacy_client=true. Choices: "BETA", "GOV", "GOVUS", "PRODUCTION", "QA", "QA2", "PREVIEW", "beta", "production"
      • zpa_customer_id (string): The ZPA tenant ID found in the Administration Company menu in the ZPA console. Required for legacy client authentication when use_legacy_client=true.
      • zpa_microtenant_id (string): The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for legacy client authentication when use_legacy_client=true.
  • use_legacy_client (boolean): Whether to use the legacy Zscaler API client. When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication. When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication. Choices: false (default), true
  • vanity_domain (string): The vanity domain provisioned by Zscaler for OAuth2 flows. Required for OneAPI client authentication when use_legacy_client=false.
  • zpa_client_id (string): The ZPA API client ID generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
  • zpa_client_secret (string): The ZPA API client secret generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
  • zpa_cloud (string): The ZPA cloud provisioned for your organization. Required for legacy client authentication when use_legacy_client=true. Choices: "BETA", "GOV", "GOVUS", "PRODUCTION", "QA", "QA2", "PREVIEW", "beta", "production"
  • zpa_customer_id (string): The ZPA tenant ID found in the Administration Company menu in the ZPA console. Required for legacy client authentication when use_legacy_client=true.
  • zpa_microtenant_id (string): The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for legacy client authentication when use_legacy_client=true.

Notes

  • Check mode is not supported.

Examples

- name: Gather Information Details of All Enrollment Certificates
  zscaler.zpacloud.zpa_enrollement_certificate_info:
    provider: "{{ zpa_cloud }}"

- name: Gather Information Details of the Root Enrollment Certificates by Name
  zscaler.zpacloud.zpa_enrollement_certificate_info:
    provider: "{{ zpa_cloud }}"
    name: "Root"

- name: Gather Information Details of the Client Enrollment Certificates by Name
  zscaler.zpacloud.zpa_enrollement_certificate_info:
    provider: "{{ zpa_cloud }}"
    name: "Client"

- name: Gather Information Details of the Connector Enrollment Certificates by Name
  zscaler.zpacloud.zpa_enrollement_certificate_info:
    provider: "{{ zpa_cloud }}"
    name: "Connector"

- name: Gather Information Details of the Service Edge Enrollment Certificates by Name
  zscaler.zpacloud.zpa_enrollement_certificate_info:
    provider: "{{ zpa_cloud }}"
    name: "Service Edge"

- name: Gather Information Details of the Isolation Client Enrollment Certificates by Name
  zscaler.zpacloud.zpa_enrollement_certificate_info:
    provider: "{{ zpa_cloud }}"
    name: "Isolation Client"

Return Values

Common return values are documented here; the following fields are unique to this module:

Each entry lists the key, its type, and description.

  • certificates (list / elements=dictionary): Details of the Enrollment Certificates. Returned: always
      • allow_signing (boolean): Indicates whether signing is allowed for this Enrollment Certificate. Returned: always. Sample: true
      • c_name (string): The common name (CN) of the Enrollment Certificate. Returned: always. Sample: "********.zpa-customer.com/Connector"
      • certificate (string): The full certificate in PEM format. Returned: always. Sample: "-----BEGIN CERTIFICATE-----\nMIIDbjCCAlagAwIBAgIQfayCMxHt3mhQbVAuKHCYPTANBgkqhkiG9w0BAQsFADBe\n...\n-----END CERTIFICATE-----\n"
      • client_cert_type (string): The type of client certificate associated with the Enrollment Certificate. Returned: always. Sample: "NONE"
      • creation_time (string): The time when the Enrollment Certificate was created, in epoch format. Returned: always. Sample: "1649998646"
      • csr (string): The Certificate Signing Request (CSR) associated with the Enrollment Certificate in PEM format. Returned: always. Sample: "-----BEGIN CERTIFICATE REQUEST-----\nMIIC2jCCAcICAQAwYzEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\n...\n-----END CERTIFICATE REQUEST-----\n"
      • description (string): The description of the Enrollment Certificate. Returned: always. Sample: "Connector Enrollment Certificate"
      • id (string): The unique identifier of the Enrollment Certificate. Returned: always. Sample: "16560"
      • issued_by (string): The issuer of the Enrollment Certificate. Returned: always. Sample: "O=Zscaler,OU=Private Access,CN=********.zpa-customer.com/Root"
      • issued_to (string): The entity to which the Enrollment Certificate was issued. Returned: always. Sample: "O=Zscaler,OU=Private Access,CN=********.zpa-customer.com/Connector"
      • modified_by (string): The ID of the user who last modified the Enrollment Certificate. Returned: always. Sample: "123456789"
      • modified_time (string): The time when the Enrollment Certificate was last modified, in epoch format. Returned: always. Sample: "1693027973"
      • name (string): The name of the Enrollment Certificate. Returned: always. Sample: "Connector"
      • parent_cert_id (string): The unique identifier of the parent certificate if this is an intermediate certificate. Returned: always. Sample: "16558"
      • parent_cert_name (string): The name of the parent certificate. Returned: always. Sample: "Root"
      • public_key_present (boolean): Indicates whether the private key is present for the Enrollment Certificate. Returned: always. Sample: true
      • serial_no (string): The serial number of the Enrollment Certificate. Returned: always. Sample: "167049215292216048285546948781507909693"
      • valid_from_in_epoch_sec (string): The start of the certificate validity period in epoch seconds. Returned: always. Sample: "1649912246"
      • valid_to_in_epoch_sec (string): The end of the certificate validity period in epoch seconds. Returned: always. Sample: "2123038646"
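
The return values above are enough to audit certificate validity from a playbook. The following is an added example, not part of the collection's documentation; it assumes the provider dictionary is in a variable named zpa_cloud (as in the examples on this page), and warn_days is a hypothetical threshold.

```yaml
---
# Added example (not from the collection's documentation).
# Assumes `zpa_cloud` holds the provider dictionary, e.g. loaded from an
# Ansible Vault encrypted vars file; `warn_days` is a hypothetical threshold.
- name: Audit ZPA enrollment certificate validity
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    warn_days: 90
    # Current time in epoch seconds, evaluated on the controller.
    now_epoch: "{{ now().timestamp() | int }}"
  tasks:
    - name: Gather all enrollment certificates
      zscaler.zpacloud.zpa_enrollement_certificate_info:
        provider: "{{ zpa_cloud }}"
      register: enrollment_certs

    # The epoch fields are returned as strings, so cast before comparing.
    - name: Fail if a certificate is outside its validity window
      ansible.builtin.assert:
        that:
          - (item.valid_from_in_epoch_sec | int) <= (now_epoch | int)
          - (item.valid_to_in_epoch_sec | int) > (now_epoch | int)
        fail_msg: "{{ item.name }} (id {{ item.id }}) is not currently valid"
        quiet: true
      loop: "{{ enrollment_certs.certificates }}"
      loop_control:
        label: "{{ item.name }}"   # keep PEM bodies out of the task output

    - name: Report certificates expiring within warn_days
      ansible.builtin.debug:
        msg: >-
          {{ item.name }} (serial {{ item.serial_no }}, issued by
          {{ item.issued_by }}) expires in
          {{ ((item.valid_to_in_epoch_sec | int) - (now_epoch | int)) // 86400 }} days
      loop: "{{ enrollment_certs.certificates }}"
      loop_control:
        label: "{{ item.name }}"
      when: >-
        (item.valid_to_in_epoch_sec | int) - (now_epoch | int)
        < (warn_days | int) * 86400
```

Run it on a schedule so an expiring Root, Connector or Service Edge enrollment certificate is flagged before new enrollments start failing.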

Authors

  • William Guilherme (@willguibr)