Note
This plugin is part of the community.crypto collection.
To install it use: ansible-galaxy collection install community.crypto.
To use it in a playbook, specify: community.crypto.x509_crl_info.
New in version 1.0.0: of community.crypto
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| content string | Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL. Either path or content must be specified, but not both. | |
| path path | Remote absolute path where the generated CRL file should be created or is already located. Either path or content must be specified, but not both. |
Note
YYYYMMDDHHMMSSZ pattern. They are all in UTC.See also
The official documentation on the community.crypto.x509_crl module.
- name: Get information on CRL
community.crypto.x509_crl_info:
path: /etc/ssl/my-ca.crl
register: result
- debug:
msg: "{{ result }}"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
| digest string | success | The signature algorithm used to sign the CRL. Sample: sha256WithRSAEncryption | |
| format string | success | Whether the CRL is in PEM format ( pem) or in DER format (der).Sample: pem | |
| issuer dictionary | success | The CRL's issuer. Note that for repeated values, only the last one will be returned. Sample: {"organizationName": "Ansible", "commonName": "ca.example.com"} | |
| issuer_ordered list / elements=list | success | The CRL's issuer as an ordered list of tuples. Sample: [["organizationName", "Ansible"], ["commonName": "ca.example.com"]] | |
| last_update string | success | The point in time from which this CRL can be trusted as ASN.1 TIME. Sample: 20190413202428Z | |
| next_update string | success | The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Sample: 20190413202428Z | |
| revoked_certificates list / elements=dictionary | success | List of certificates to be revoked. | |
| invalidity_date string | success | The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Sample: 20190413202428Z | |
| invalidity_date_critical boolean | success | Whether the invalidity date extension is critical. | |
| issuer list / elements=string | success | The certificate's issuer. Sample: ["DNS:ca.example.org"] | |
| issuer_critical boolean | success | Whether the certificate issuer extension is critical. | |
| reason string | success | The value for the revocation reason extension. One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl.Sample: key_compromise | |
| reason_critical boolean | success | Whether the revocation reason extension is critical. | |
| revocation_date string | success | The point in time the certificate was revoked as ASN.1 TIME. Sample: 20190413202428Z | |
| serial_number integer | success | Serial number of the certificate. Sample: 1234 | |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/crypto/x509_crl_info_module.html