openssl_publickey - Generate an OpenSSL public key from its private key.

New in version 2.3.


  • This module allows one to (re)generate OpenSSL public keys from their private keys. It uses the pyOpenSSL python library to interact with openssl. Keys are generated in PEM format. This module works only if the version of PyOpenSSL is recent enough (> 16.0.0)


parameter required default choices comments
  • True
  • False
Should the key be regenerated even it it already exists
Name of the file in which the generated TLS/SSL public key will be written.
Path to the TLS/SSL private key from which to genereate the public key.
no present
  • present
  • absent
Whether the public key should exist or not, taking action if the state is different from what is stated.


# Generate an OpenSSL public key.
- openssl_publickey:
    path: /etc/ssl/public/
    privatekey_path: /etc/ssl/private/

# Force regenerate an OpenSSL public key if it already exists
- openssl_publickey:
    path: /etc/ssl/public/
    privatekey_path: /etc/ssl/private/
    force: True

# Remove an OpenSSL public key
- openssl_publickey:
    path: /etc/ssl/public/
    privatekey_path: /etc/ssl/private/
    state: absent

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
privatekey Path to the TLS/SSL private key the public key was generated from ['changed', 'success'] string /etc/ssl/private/
filename Path to the generated TLS/SSL public key file ['changed', 'success'] string /etc/ssl/public/


This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.


This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.