Ansible CyberArk Conjur Secret Lookup SSLError

Hi,

Seeking some advice please on integrating Ansible Platform Automation 4.0.2 with Conjur Enterprise 12,7. When testing a new credential with “CyberArk Conjur Secret Lookup”, the test is returning an “SSLError” message:

/var/log/tower/tower.log

awx.api.generics status 400 received by user admin attempting to access /api/v2/credential_types/22/test/ from “my_ip_address”

Resources are defined and host has access to the variable:

```
conjur list -k host
[
"Dromelab:host:ansible/ansible01"
]
conjur list -k variable
[
"Dromelab:variable:DromeVault!/ConjurLOB!04/lolo/rod/password",
]
conjur variable get -i DromeVault!/ConjurLOB!04/lolo/rod/password
zzz
conjur resource permitted-roles "Dromelab:variable:DromeVault!/ConjurLOB!04/lolo/rod/password" execute
[
"Dromelab:host:ansible/ansible01",
]
```

On the “Create New Credential” page I've included, under the “Public Key Certificate” section, the cluster certificate that was imported with evoke ca import --set:

```
docker exec conjurcontainer evoke ca import --no-restart --key /opt/cyberark/conjur/certificates/cluster.key --set /opt/cyberark/conjur/certificates/cluster.pem
```

The issue seems to be the same as the one reported here some time ago, which clearly points to the certificate used to establish the secure connection:

CyberArk Conjur Secret Lookup - Ansible - Secrets Management - Conjur, Secrets Hub & CP - CyberArk Developer (cyberarkcommons.org)

Any tips on what I could have missed here and why the SSLErrors? Thanks in advance.

It seems you have put the public key of the Conjur cluster certificate inside the public key certificate field. If that's the case, please replace it with the certificate of the root CA (also combine the intermediate CA, if any) that issued the certificate of the Conjur cluster.

1 Like
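The difference the reply describes can be checked locally with openssl before pasting anything into the credential form. This is an added example, not part of the original posts: it builds a constructed throwaway root CA and server certificate (the names root.pem and conjur.example.test are assumptions; cluster.pem mirrors the file name in the question) and shows that `openssl verify`, without `-partial_chain`, rejects the server's own leaf certificate as a CA bundle but accepts the issuing root.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway root CA and a server ("cluster") certificate.
set -eu

make_demo_pki() {  # $1 = empty working directory
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  # Self-signed root CA (hypothetical file name root.pem).
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  # Server certificate issued by that root (stands in for the cluster certificate).
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=conjur.example.test" \
    -keyout "$d/cluster.key" -out "$d/cluster.csr" 2>/dev/null
  openssl x509 -req -in "$d/cluster.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/cluster.pem" 2>/dev/null
}

# Prints "ca" if the PEM carries basicConstraints CA:TRUE, otherwise "leaf".
cert_role() {
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
    echo ca
  else
    echo leaf
  fi
}

# Prints "ok" if certificate $2 verifies when $1 is passed as the CA bundle.
trusts() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

d=$(mktemp -d)
make_demo_pki "$d"
echo "cluster.pem: role=$(cert_role "$d/cluster.pem") as-CA-bundle=$(trusts "$d/cluster.pem" "$d/cluster.pem")"
echo "root.pem:    role=$(cert_role "$d/root.pem") as-CA-bundle=$(trusts "$d/root.pem" "$d/cluster.pem")"
```

Running `cert_role` on the PEM intended for the “Public Key Certificate” field shows at a glance whether it is a leaf or a CA certificate.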

@Drome,

Was the issue resolved from the first reply?

E