The idea is to implement an Auto-Signing process, where the new remote host has to know the PKI ticket in order to get certificates from the Ansible Controller.
After that, the Ansible controller has to add the remote host to a verified list of hosts. Only then it should generate certificates. The remote host should delete the PKI ticket on the system.
That topic is subject to research.
The idea is to implement an Auto-Signing process, where the new remote host has to know the PKI ticket in order to get certificates from the Ansible Controller.
After that, the Ansible controller has to add the remote host to a verified list of hosts. Only then it should generate certificates. The remote host should delete the PKI ticket on the system.
That topic is subject to research.