ansible.windows.win_certificate_store – Manages the certificate store
Note
This plugin is part of the ansible.windows collection (version 1.4.0).
To install it use: `ansible-galaxy collection install ansible.windows`.
To use it in a playbook, specify: `ansible.windows.win_certificate_store`.
Synopsis
Used to import/export and remove certificates and keys from the local certificate store.
This module is not used to create certificates and will only manage existing certs as a file or in the store.
It can be used to import PEM, DER, P7B, PKCS12 (PFX) certificates and export PEM, DER and PKCS12 certificates.
Parameters
Notes
Note
Some actions on PKCS12 certificates and keys may fail with the error `the specified network password is not correct`, either use CredSSP or Kerberos with credential delegation, or use `become` to bypass these restrictions.
The certificates must be located on the Windows host to be set with `path`.
When importing a certificate for usage in IIS, it is generally required to use the `machine` key_storage option, as both `default` and `user` will make the private key unreadable to IIS APPPOOL identities and prevent binding the certificate to the https endpoint.
Examples
```yaml
- name: Import a certificate
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pem
    state: present

- name: Import pfx certificate that is password protected
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas

- name: Import pfx certificate without password and set private key as un-exportable
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    key_exportable: no
  # usually you don't set this here but it is for illustrative purposes
  vars:
    ansible_winrm_transport: credssp

- name: Remove a certificate based on file thumbprint
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pem
    state: absent

- name: Remove a certificate based on thumbprint
  ansible.windows.win_certificate_store:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
    state: absent

- name: Remove certificate based on thumbprint in the CurrentUser/TrustedPublisher store
  ansible.windows.win_certificate_store:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
    state: absent
    store_location: CurrentUser
    store_name: TrustedPublisher

- name: Export certificate as der encoded file
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.cer
    state: exported
    file_type: der

- name: Export certificate and key as pfx encoded file
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: exported
    file_type: pkcs12
    password: AnotherStrongPass!
  become: yes
  become_method: runas
  become_user: SYSTEM

- name: Import certificate to be used by IIS
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    file_type: pkcs12
    password: StrongPassword!
    store_location: LocalMachine
    key_storage: machine
    state: present
  become: yes
  become_method: runas
  become_user: SYSTEM
```
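An added example, not part of the module's own documentation, that combines the notes above with the `thumbprints` return value: it stages the PFX on the Windows host, imports it for IIS with a non-exportable machine key, checks the returned thumbprint and removes the staged file even if the import fails. The `iis` host group, `files/site.pfx`, the vaulted `pfx_password` variable and the `expected_thumbprint` placeholder are assumptions.

```yaml
# Added example. Assumed names: the "iis" host group, files/site.pfx,
# pfx_password (supplied from Ansible Vault) and expected_thumbprint.
- name: Stage, import and verify a PFX for IIS
  hosts: iis
  vars:
    staged_pfx: C:\Temp\site.pfx
    # Placeholder: replace with the thumbprint of the certificate you expect.
    expected_thumbprint: "0000000000000000000000000000000000000000"
  tasks:
    - name: Import the certificate and always remove the staged file
      block:
        - name: Copy the PFX to the Windows host (path must be local to it)
          ansible.windows.win_copy:
            src: files/site.pfx
            dest: "{{ staged_pfx }}"

        - name: Import into LocalMachine with a non-exportable machine key
          ansible.windows.win_certificate_store:
            path: "{{ staged_pfx }}"
            file_type: pkcs12
            password: "{{ pfx_password }}"
            store_location: LocalMachine
            key_storage: machine
            key_exportable: no
            state: present
          become: yes
          become_method: runas
          become_user: SYSTEM
          no_log: true  # keep the PFX password out of task output and logs
          register: cert_import

        - name: Check that the expected certificate is the one that was touched
          ansible.builtin.assert:
            that:
              - (expected_thumbprint | upper) in cert_import.thumbprints
            fail_msg: Imported thumbprints do not include the expected certificate

      always:
        - name: Remove the staged PFX so the private key does not linger on disk
          ansible.windows.win_file:
            path: "{{ staged_pfx }}"
            state: absent
```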
Return Values
Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description |
---|---|---|
thumbprints (list / elements=string) | success | A list of certificate thumbprints that were touched by the module. Sample: `['BC05633694E675449136679A658281F17A191087']` |
Authors
Jordan Borean (@jborean93)