Hello,
I have some windows machines with which I connect correctly using
certificate.
It works for both WinRM and PSRP (hop node). I am doing certificate renewal
tests and with the new certificate I am able to connect to the WinRM
machines (direct connection) but for the ones using PSRP (hop node) they
fail:
FAILED! => {"changed": false, "elapsed": 5, "msg": "timed out waiting for
ping module test success: failed to authenticate with the server: Failed to
authenticate the user XXXXX with certificate"}
If I install the new public certificate in the destination and in the
Ansible node it works, but then I would be forced to renew all the
certificates of the PSRP park, and lose the connection until renewing the
keys in the Ansible nodes.
A behavior that does not occur on machines where I connect directly with
WinRM, being able to coexist old/new certificate pairs.
WinRM:
Ansible node: certs_old Client: certs_old connection: ok
Ansible node: certs_old Client: certs_new connection: ok
Ansible node: certs_new Client: certs_old connection: ok
Ansible node: certs_new Client: certs_new connection: ok
PSRP
Ansible node: certs_old Client: certs_old connection: ok
Ansible node: certs_old Client: certs_new connection: KO
Ansible node: certs_new Client: certs_old connection: KO
Ansible node: certs_new Client: certs_new connection: ok
Can you think what could be the reason and what solution to apply?
Thank you very much
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/22fae8d5-a6e0-4255-a1ad-c71298d97197n%40googlegroups.com.
