Ansible certificate verify failed

I am trying to set up Ansible to manage Windows hosts. The hosts will be using SSL certificates issued from an internal CA. I have configured the Windows host per the instructions here. But when I try connecting using the module win_ping, I get:

HTTPSConnectionPool(host='winhost@mydomain.local', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))"

I’ve confirmed that when connecting to the Windows host on port 5986, the certificate issued by my CA is the one being used. And I tried specifying the CA certificate using ansible_winrm_ca_trust_path as a variable in my hosts file, but it’s not validating the certificate. Here is what I have in the hosts file:

local:
  control:

win_test:
  hosts:
    winhost.mydomain.local:
  vars:
    ansible_connection: winrm
    ansible_user: ansible@MYDOMAIN.LOCAL
    ansible_password: "#######"
    ansible_winrm_transport: kerberos
    ansible_winrm_ca_trust_path: /home/my_username@mydomain.local/ansible/CA.cert

So, what am I doing wrong with certificate validation? As an FYI, I’m running Ansible v2.9.2 with Python 2.7.5.
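A CERTIFICATE_VERIFY_FAILED like the one above can be reproduced outside Ansible to separate a trust-file problem from an inventory problem. The following is an added example, not part of the original post: it reports whether a trust file is PEM or DER and attempts a verified handshake with the WinRM HTTPS port trusting only that file. The function names, the command-line usage and the use of Python 3 are assumptions.

```python
import base64
import re
import socket
import ssl
import sys

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def classify_trust_file(data):
    """Return (format, certificate_count) for the raw bytes of a trust file.

    Python's ssl module loads `cafile` as PEM only, so a binary DER export
    of the CA certificate is rejected even though it is the right certificate.
    """
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        for body in blocks:
            # Raises binascii.Error if a block's base64 body is corrupt.
            base64.b64decode(b"".join(body.split()), validate=True)
        return ("pem", len(blocks))
    if data[:1] == b"\x30":  # heuristic: DER starts with an ASN.1 SEQUENCE tag
        return ("der", 1)
    return ("unknown", 0)


def verify_endpoint(host, port, cafile, timeout=5.0):
    """Do a TLS handshake that trusts only `cafile`; return (ok, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # chain + hostname checks on
    try:
        ctx.load_verify_locations(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return (True, subject.get("commonName", ""))
    except OSError as exc:  # ssl.SSLError and socket errors are OSError subclasses
        return (False, "%s: %s" % (type(exc).__name__, exc))


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: python3 <script> <host> <ca_file> [port]")
    host, cafile = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 5986
    with open(cafile, "rb") as fh:
        print("trust file:", classify_trust_file(fh.read()))
    print("handshake:", verify_endpoint(host, port, cafile))
```

A `("pem", 1)` result with a failing handshake points at the chain or the hostname rather than the file format; a PEM count above 1 means the file carries several certificates, such as a root plus intermediates.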
