[pfsense_cert] return an error if an internal

certificate is requested with a non-internal CA Fixes #165
pfsensible · Jan 31, 2025 · b9a27d1 · b9a27d1
1 parent 67433b1
commit b9a27d1
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/plugins/modules/pfsense_cert.py b/plugins/modules/pfsense_cert.py
@@ -223,9 +223,16 @@ def _validate_params(self):
             return
 
         if params['method'] == 'internal':
-            # CA is required for internal certificate
+            # An internal CA is required for internal certificate
             if params['ca'] is None:
                 self.module.fail_json(msg='CA is required.')
+            else:
+                ca = self._find_ca(params['ca'])
+                if ca is not None:
+                    if ca.find('prv') is None:
+                        self.module.fail_json(msg='CA (%s) is not an internal CA' % params['ca'])
+                else:
+                    self.module.fail_json(msg='CA (%s) not found' % params['ca'])
 
         # validate Certificate
         if params['certificate'] is not None: