Note

This plugin is part of the community.windows collection.

To install it use: ansible-galaxy collection install community.windows.

To use it in a playbook, specify: community.windows.win_certificate_info.

Parameter | Choices/Defaults | Comments |
---|---|---|
store_location string | | The location of the store to search. |
store_name string | Default: "My" | The name of the store to search. See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename for a list of built-in store names. |
thumbprint string | | The thumbprint as a hex string of a certificate to find. When specified, filters the certificates return value to a single certificate. See the examples for how to format the thumbprint. |

See also
The official documentation on the ansible.windows.win_certificate_store module.

```yaml
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
  register: mycert

# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
  register: mycert

- name: Obtain information about all certificates in the root store
  community.windows.win_certificate_info:
    store_name: Root
  register: ca

# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas
  register: mycert

- name: Obtain information on each certificate that was touched
  community.windows.win_certificate_info:
    thumbprint: "{{ item }}"
  register: mycert_stats
  loop: "{{ mycert.thumbprints }}"
```

Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description | |
---|---|---|---|
certificates list / elements=dictionary | success | A list of information about certificates found in the store, sorted by thumbprint. | |
archived boolean | success | Indicates that the certificate is archived. | |
cert_data string | success | The base64 encoded data of the entire certificate. | |
dns_names list / elements=string | success | Lists the registered dns names for the certificate. Sample: ['*.m.wikiquote.org', '*.wikipedia.org'] | |
extensions list / elements=dictionary | success | The collection of the certificate's extensions. Sample: [{'critical': False, 'field': 'Subject Key Identifier', 'value': '88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7'}, {'critical': True, 'field': 'Basic Constraints', 'value': 'Subject Type=CA, Path Length Constraint=None'}, {'critical': False, 'field': 'Authority Key Identifier', 'value': 'KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e'}, {'critical': False, 'field': 'CRL Distribution Points', 'value': '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'}, {'critical': True, 'field': 'Key Usage', 'value': 'Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)'}, {'critical': False, 'field': None, 'value': '05 00'}] | |
friendly_name string | success | The associated alias for the certificate. Sample: Microsoft Root Authority | |
has_private_key boolean | success | Indicates that the certificate contains a private key. | |
intended_purposes list / elements=string | enhanced key usages extension exists. | Lists the intended applications for the certificate. Sample: ['Server Authentication'] | |
is_ca boolean | basic constraints extension exists. | Indicates that the certificate is a certificate authority (CA) certificate. Sample: True | |
issued_by string | success | The certificate issuer's common name. Sample: Apple Root CA | |
issued_to string | success | The certificate's common name. Sample: Apple Worldwide Developer Relations Certification Authority | |
issuer string | success | The certificate issuer's distinguished name. Sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US | |
key_usages list / elements=string | key usages extension exists. | Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose. Sample: ['CrlSign', 'KeyCertSign', 'DigitalSignature'] | |
path_length_constraint integer | basic constraints extension exists. | The number of levels allowed in a certificate's path. If this value is 0, the certificate does not have a restriction. | |
public_key string | success | The base64 encoded public key of the certificate. | |
serial_number string | success | The serial number of the certificate represented as a hexadecimal string. Sample: 01DEBCC4396DA010 | |
signature_algorithm string | success | The algorithm used to create the certificate's signature. Sample: sha1RSA | |
ski string | subject key identifier extension exists. | The certificate's subject key identifier. Sample: 88271709A9B618608BECEBBAF64759C55254A3B7 | |
subject string | success | The certificate's distinguished name. Sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US | |
thumbprint string | success | The thumbprint as a hex string of the certificate. The return format will always be upper case. Sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 | |
valid_from float | success | The start date of the certificate represented in seconds since epoch. Sample: 1360255727 | |
valid_from_iso8601 string | success | The start date of the certificate represented as an iso8601 formatted date. Sample: 2017-12-15T08:39:32Z | |
valid_to float | success | The expiry date of the certificate represented in seconds since epoch. Sample: 1675788527 | |
valid_to_iso8601 string | success | The expiry date of the certificate represented as an iso8601 formatted date. Sample: 2086-01-02T08:39:32Z | |
version integer | success | The x509 format version of the certificate. Sample: 3 | |
exists boolean | success | Whether any certificates were found in the store. When thumbprint is specified, returns true only if the certificate matching the thumbprint exists. Sample: True | |
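
An added example, not taken from the module documentation: a playbook that uses the returned valid_to, valid_to_iso8601, signature_algorithm, has_private_key and thumbprint fields to flag certificates that are close to expiry or SHA-1 signed. The windows host group, the 30-day window and the variable names are assumptions.

```yaml
# Added example. The "windows" group, the 30-day window and all variable
# names are assumptions, not part of the module documentation.
- name: Audit the personal store for expiring or SHA-1 signed certificates
  hosts: windows
  gather_facts: false
  vars:
    expiry_warning_days: 30
  tasks:
    - name: Read every certificate in the store (store_name defaults to My)
      community.windows.win_certificate_info:
      register: store

    - name: Compute the cutoff as seconds since epoch, the unit valid_to uses
      ansible.builtin.set_fact:
        cutoff: "{{ now().timestamp() + (expiry_warning_days | int) * 86400 }}"

    - name: Collect certificates that expire before the cutoff
      ansible.builtin.set_fact:
        expiring: >-
          {{ store.certificates
             | selectattr('valid_to', 'lt', cutoff | float)
             | list }}

    - name: Report certificates near expiry or signed with a SHA-1 algorithm
      ansible.builtin.debug:
        msg: "{{ item.subject }} expires {{ item.valid_to_iso8601 }} ({{ item.signature_algorithm }})"
      loop: "{{ store.certificates }}"
      loop_control:
        label: "{{ item.thumbprint }}"   # keep cert_data out of the task output
      when: >-
        item.valid_to < (cutoff | float)
        or item.signature_algorithm is search('sha1', ignorecase=true)

    - name: Fail when a certificate holding a private key is about to expire
      ansible.builtin.assert:
        that:
          - expiring | selectattr('has_private_key') | list | length == 0
        fail_msg: "A certificate with a private key expires within {{ expiry_warning_days }} days"
```

Setting store_name to Root in the first task runs the same checks against the root store instead.
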
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/windows/win_certificate_info_module.html