W3cubDocs

/Ansible 2.10

community.windows.win_certificate_info – Get information on certificates from a Windows Certificate Store

Note

This plugin is part of the community.windows collection.

To install it use: ansible-galaxy collection install community.windows.

To use it in a playbook, specify: community.windows.win_certificate_info.

Synopsis

  • Returns information about certificates in a Windows Certificate Store.

Parameters

Parameter Choices/Defaults Comments
store_location
string
    Choices:
  • CurrentUser
  • LocalMachine
The location of the store to search.
store_name
string
Default:
"My"
The name of the store to search.
thumbprint
string
The thumbprint as a hex string of a certificate to find.
When specified, filters the certificates return value to a single certificate
See the examples for how to format the thumbprint.

See Also

See also

ansible.windows.win_certificate_store

The official documentation on the ansible.windows.win_certificate_store module.

Examples

- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
  register: mycert

# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
  register: mycert

- name: Obtain information about all certificates in the root store
  community.windows.win_certificate_info:
    store_name: Root
  register: ca

# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas
  register: mycert

- name: Obtain information on each certificate that was touched
  community.windows.win_certificate_info:
    thumbprint: "{{ item }}"
  register: mycert_stats
  loop: "{{ mycert.thumbprints }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
certificates
list / elements=dictionary
success
A list of information about certificates found in the store, sorted by thumbprint.

archived
boolean
success
Indicates that the certificate is archived.

cert_data
string
success
The base64 encoded data of the entire certificate.

dns_names
list / elements=string
success
Lists the registered dns names for the certificate.

Sample:
['*.m.wikiquote.org', '*.wikipedia.org']
extensions
list / elements=dictionary
success
The collection of the certificates extensions.

Sample:
[{'critical': False, 'field': 'Subject Key Identifier', 'value': '88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7'}, {'critical': True, 'field': 'Basic Constraints', 'value': 'Subject Type=CA, Path Length Constraint=None'}, {'critical': False, 'field': 'Authority Key Identifier', 'value': 'KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e'}, {'critical': False, 'field': 'CRL Distribution Points', 'value': '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'}, {'critical': True, 'field': 'Key Usage', 'value': 'Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)'}, {'critical': False, 'field': None, 'value': '05 00'}]
friendly_name
string
success
The associated alias for the certificate.

Sample:
Microsoft Root Authority
has_private_key
boolean
success
Indicates that the certificate contains a private key.

intended_purposes
list / elements=string
enhanced key usages extension exists.
lists the intended applications for the certificate.

Sample:
['Server Authentication']
is_ca
boolean
basic constraints extension exists.
Indicates that the certificate is a certificate authority (CA) certificate.

Sample:
True
issued_by
string
success
The certificate issuer's common name.

Sample:
Apple Root CA
issued_to
string
success
The certificate's common name.

Sample:
Apple Worldwide Developer Relations Certification Authority
issuer
string
success
The certificate issuer's distinguished name.

Sample:
CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US
key_usages
list / elements=string
key usages extension exists.
Defines how the certificate key can be used.
If this value is not defined, the key can be used for any purpose.

Sample:
['CrlSign', 'KeyCertSign', 'DigitalSignature']
path_length_constraint
integer
basic constraints extension exists
The number of levels allowed in a certificates path.
If this value is 0, the certificate does not have a restriction.

public_key
string
success
The base64 encoded public key of the certificate.

serial_number
string
success
The serial number of the certificate represented as a hexadecimal string

Sample:
01DEBCC4396DA010
signature_algorithm
string
success
The algorithm used to create the certificate's signature

Sample:
sha1RSA
ski
string
subject key identifier extension exists.
The certificate's subject key identifier

Sample:
88271709A9B618608BECEBBAF64759C55254A3B7
subject
string
success
The certificate's distinguished name.

Sample:
CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
thumbprint
string
success
The thumbprint as a hex string of the certificate.
The return format will always be upper case.

Sample:
FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64
valid_from
float
success
The start date of the certificate represented in seconds since epoch.

Sample:
1360255727
valid_from_iso8601
string
success
The start date of the certificate represented as an iso8601 formatted date.

Sample:
2017-12-15T08:39:32Z
valid_to
float
success
The expiry date of the certificate represented in seconds since epoch.

Sample:
1675788527
valid_to_iso8601
string
success
The expiry date of the certificate represented as an iso8601 formatted date.

Sample:
2086-01-02T08:39:32Z
version
integer
success
The x509 format version of the certificate

Sample:
3
exists
boolean
success
Whether any certificates were found in the store.
When thumbprint is specified, returns true only if the certificate mathing the thumbprint exists.

Sample:
True


Authors

  • Micah Hunsberger (@mhunsber)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/windows/win_certificate_info_module.html