Note
This plugin is part of the community.windows collection (version 1.2.0).
To install it use: ansible-galaxy collection install community.windows.
To use it in a playbook, specify: community.windows.win_certificate_info.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| store_location string |
| The location of the store to search. |
| store_name string | Default: "My" | The name of the store to search. See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename for a list of built-in store names. |
| thumbprint string | The thumbprint as a hex string of a certificate to find. When specified, filters the certificates return value to a single certificate See the examples for how to format the thumbprint. |
See also
The official documentation on the ansible.windows.win_certificate_store module.
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
register: mycert
# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
register: mycert
- name: Obtain information about all certificates in the root store
community.windows.win_certificate_info:
store_name: Root
register: ca
# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
ansible.windows.win_certificate_store:
path: C:\Temp\cert.pfx
state: present
password: VeryStrongPasswordHere!
become: yes
become_method: runas
register: mycert
- name: Obtain information on each certificate that was touched
community.windows.win_certificate_info:
thumbprint: "{{ item }}"
register: mycert_stats
loop: "{{ mycert.thumbprints }}"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
| certificates list / elements=dictionary | success | A list of information about certificates found in the store, sorted by thumbprint. | |
| archived boolean | success | Indicates that the certificate is archived. | |
| cert_data string | success | The base64 encoded data of the entire certificate. | |
| dns_names list / elements=string | success | Lists the registered dns names for the certificate. Sample: ['*.m.wikiquote.org', '*.wikipedia.org'] | |
| extensions list / elements=dictionary | success | The collection of the certificates extensions. Sample: [{'critical': False, 'field': 'Subject Key Identifier', 'value': '88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7'}, {'critical': True, 'field': 'Basic Constraints', 'value': 'Subject Type=CA, Path Length Constraint=None'}, {'critical': False, 'field': 'Authority Key Identifier', 'value': 'KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e'}, {'critical': False, 'field': 'CRL Distribution Points', 'value': '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'}, {'critical': True, 'field': 'Key Usage', 'value': 'Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)'}, {'critical': False, 'field': None, 'value': '05 00'}] | |
| friendly_name string | success | The associated alias for the certificate. Sample: Microsoft Root Authority | |
| has_private_key boolean | success | Indicates that the certificate contains a private key. | |
| intended_purposes list / elements=string | enhanced key usages extension exists. | lists the intended applications for the certificate. Sample: ['Server Authentication'] | |
| is_ca boolean | basic constraints extension exists. | Indicates that the certificate is a certificate authority (CA) certificate. Sample: True | |
| issued_by string | success | The certificate issuer's common name. Sample: Apple Root CA | |
| issued_to string | success | The certificate's common name. Sample: Apple Worldwide Developer Relations Certification Authority | |
| issuer string | success | The certificate issuer's distinguished name. Sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US | |
| key_usages list / elements=string | key usages extension exists. | Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose. Sample: ['CrlSign', 'KeyCertSign', 'DigitalSignature'] | |
| path_length_constraint integer | basic constraints extension exists | The number of levels allowed in a certificates path. If this value is 0, the certificate does not have a restriction. | |
| public_key string | success | The base64 encoded public key of the certificate. | |
| serial_number string | success | The serial number of the certificate represented as a hexadecimal string Sample: 01DEBCC4396DA010 | |
| signature_algorithm string | success | The algorithm used to create the certificate's signature Sample: sha1RSA | |
| ski string | subject key identifier extension exists. | The certificate's subject key identifier Sample: 88271709A9B618608BECEBBAF64759C55254A3B7 | |
| subject string | success | The certificate's distinguished name. Sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US | |
| thumbprint string | success | The thumbprint as a hex string of the certificate. The return format will always be upper case. Sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 | |
| valid_from float | success | The start date of the certificate represented in seconds since epoch. Sample: 1360255727 | |
| valid_from_iso8601 string | success | The start date of the certificate represented as an iso8601 formatted date. Sample: 2017-12-15T08:39:32Z | |
| valid_to float | success | The expiry date of the certificate represented in seconds since epoch. Sample: 1675788527 | |
| valid_to_iso8601 string | success | The expiry date of the certificate represented as an iso8601 formatted date. Sample: 2086-01-02T08:39:32Z | |
| version integer | success | The x509 format version of the certificate Sample: 3 | |
| exists boolean | success | Whether any certificates were found in the store. When thumbprint is specified, returns true only if the certificate mathing the thumbprint exists. Sample: True | |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/windows/win_certificate_info_module.html