Note
This plugin is part of the community.windows collection (version 1.7.0).
You might already have this collection installed if you are using the `ansible` package. It is not included in `ansible-core`. To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install community.windows`.
To use it in a playbook, specify: `community.windows.win_certificate_info`.
Parameter | Choices/Defaults | Comments |
---|---|---|
store_location string | | The location of the store to search. |
store_name string | Default: "My" | The name of the store to search. See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename for a list of built-in store names. |
thumbprint string | | The thumbprint as a hex string of a certificate to find. When specified, filters the certificates return value to a single certificate. See the examples for how to format the thumbprint. |
See also
The official documentation on the ansible.windows.win_certificate_store module.
```yaml
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
  register: mycert

# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
  register: mycert

- name: Obtain information about all certificates in the root store
  community.windows.win_certificate_info:
    store_name: Root
  register: ca

# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas
  register: mycert

- name: Obtain information on each certificate that was touched
  community.windows.win_certificate_info:
    thumbprint: "{{ item }}"
  register: mycert_stats
  loop: "{{ mycert.thumbprints }}"
```
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
certificates list / elements=dictionary | success | A list of information about certificates found in the store, sorted by thumbprint. | |
archived boolean | success | Indicates that the certificate is archived. | |
cert_data string | success | The base64 encoded data of the entire certificate. | |
dns_names list / elements=string | success | Lists the registered dns names for the certificate. Sample: ['*.m.wikiquote.org', '*.wikipedia.org'] | |
extensions list / elements=dictionary | success | The collection of the certificate's extensions. Sample: [{'critical': False, 'field': 'Subject Key Identifier', 'value': '88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7'}, {'critical': True, 'field': 'Basic Constraints', 'value': 'Subject Type=CA, Path Length Constraint=None'}, {'critical': False, 'field': 'Authority Key Identifier', 'value': 'KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e'}, {'critical': False, 'field': 'CRL Distribution Points', 'value': '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'}, {'critical': True, 'field': 'Key Usage', 'value': 'Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)'}, {'critical': False, 'field': None, 'value': '05 00'}] | |
friendly_name string | success | The associated alias for the certificate. Sample: Microsoft Root Authority | |
has_private_key boolean | success | Indicates that the certificate contains a private key. | |
intended_purposes list / elements=string | enhanced key usages extension exists. | Lists the intended applications for the certificate. Sample: ['Server Authentication'] | |
is_ca boolean | basic constraints extension exists. | Indicates that the certificate is a certificate authority (CA) certificate. Sample: True | |
issued_by string | success | The certificate issuer's common name. Sample: Apple Root CA | |
issued_to string | success | The certificate's common name. Sample: Apple Worldwide Developer Relations Certification Authority | |
issuer string | success | The certificate issuer's distinguished name. Sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US | |
key_usages list / elements=string | key usages extension exists. | Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose. Sample: ['CrlSign', 'KeyCertSign', 'DigitalSignature'] | |
path_length_constraint integer | basic constraints extension exists. | The number of levels allowed in a certificate's path. If this value is 0, the certificate does not have a restriction. | |
public_key string | success | The base64 encoded public key of the certificate. | |
serial_number string | success | The serial number of the certificate represented as a hexadecimal string. Sample: 01DEBCC4396DA010 | |
signature_algorithm string | success | The algorithm used to create the certificate's signature. Sample: sha1RSA | |
ski string | subject key identifier extension exists. | The certificate's subject key identifier. Sample: 88271709A9B618608BECEBBAF64759C55254A3B7 | |
subject string | success | The certificate's distinguished name. Sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US | |
thumbprint string | success | The thumbprint as a hex string of the certificate. The return format will always be upper case. Sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 | |
valid_from float | success | The start date of the certificate represented in seconds since epoch. Sample: 1360255727 | |
valid_from_iso8601 string | success | The start date of the certificate represented as an iso8601 formatted date. Sample: 2017-12-15T08:39:32Z | |
valid_to float | success | The expiry date of the certificate represented in seconds since epoch. Sample: 1675788527 | |
valid_to_iso8601 string | success | The expiry date of the certificate represented as an iso8601 formatted date. Sample: 2086-01-02T08:39:32Z | |
version integer | success | The x509 format version of the certificate. Sample: 3 | |
exists boolean | success | Whether any certificates were found in the store. When thumbprint is specified, returns true only if the certificate matching the thumbprint exists. Sample: True | |
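
The return fields above are enough to drive a basic certificate hygiene check. The following is an added example, not part of the module or its documentation: a small Ansible filter plugin that audits the `certificates` list. The function name `audit_certificates`, the filter name `cert_audit`, the policy thresholds and the sample records are assumptions made for illustration.

```python
# Added example (not from the module docs): audit win_certificate_info output.
from datetime import datetime, timezone

# Assumption: local policy treats MD5 and SHA-1 signatures as weak.
WEAK_SIGNATURE_PREFIXES = ("md5", "sha1")

def audit_certificates(certificates, now=None, warn_days=30):
    """Map thumbprint -> list of findings for the module's `certificates` list."""
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    report = {}
    for cert in certificates:
        findings = []
        days_left = (cert["valid_to"] - now) / 86400  # valid_to is epoch seconds
        if cert["valid_from"] > now:
            findings.append("not yet valid")
        if days_left < 0:
            findings.append("expired")
        elif days_left < warn_days:
            findings.append("expires in %d days" % days_left)
        if cert["signature_algorithm"].lower().startswith(WEAK_SIGNATURE_PREFIXES):
            findings.append("weak signature: " + cert["signature_algorithm"])
        # is_ca is only returned when the basic constraints extension exists.
        if cert.get("is_ca") and cert["has_private_key"]:
            findings.append("CA certificate with private key present")
        if findings:
            report[cert["thumbprint"]] = findings
    return report

class FilterModule(object):
    """Ansible filter plugin hook: {{ ca.certificates | cert_audit }}"""
    def filters(self):
        return {"cert_audit": audit_certificates}

# Constructed sample records in the shape of the module's return value.
SAMPLE = [
    {"thumbprint": "1" * 40, "valid_from": 1360255727, "valid_to": 1675788527,
     "signature_algorithm": "sha1RSA", "has_private_key": False, "is_ca": True},
    {"thumbprint": "2" * 40, "valid_from": 1600000000, "valid_to": 1900000000,
     "signature_algorithm": "sha256RSA", "has_private_key": True},
    {"thumbprint": "3" * 40, "valid_from": 1500000000, "valid_to": 1670000000,
     "signature_algorithm": "sha256RSA", "has_private_key": True, "is_ca": True},
]

if __name__ == "__main__":
    for thumbprint, findings in audit_certificates(SAMPLE, now=1675000000).items():
        print(thumbprint, "; ".join(findings))
```

Saved in a `filter_plugins/` directory next to the playbook, the filter can be applied to a registered result, for example in an `ansible.builtin.assert` task that fails when the report is not empty.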
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/windows/win_certificate_info_module.html