I am trying to set up Ansible to manage Windows hosts. The hosts will be using SSL certificates issued from an internal CA. I have configured the Windows host per the instructions here. But when I try connecting using the module win_ping, I get:
HTTPSConnectionPool(email@example.com', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))"
I’ve confirmed that when connecting to the Windows host on port 5986, the certificate issued by my CA is the one being used. I also tried specifying the CA certificate using ansible_winrm_ca_trust_path as a variable in my hosts file, but it’s not validating the certificate. Here is what I have in the hosts file:
local:
  control:
win_test:
  hosts:
    winhost.mydomain.local:
  vars:
    ansible_connection: winrm
    ansible_user: ansible@MYDOMAIN.LOCAL
    ansible_password: "#######"
    ansible_connection: winrm
    ansible_winrm_transport: kerberos
    ansible_winrm_ca_trust_path: /firstname.lastname@example.org/ansible/CA.cert
So, what am I doing wrong with certificate validation? As an FYI, I’m running Ansible v2.9.2 with Python 2.7.5.