java_cert – Uses keytool to import/remove key from java keystore(cacerts)

New in version 2.3.

Synopsis

  • This is a wrapper module around keytool. Which can be used to import/remove certificates from a given java keystore.

Parameters

Parameter Choices/Defaults Comments
cert_alias
-
Imported certificate alias.
cert_path
-
Local path to load certificate from. One of cert_url or cert_path is required to load certificate.
cert_port
-
Default:
443
Port to connect to URL. This will be used to create server URL:PORT
cert_url
-
Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate.
executable
-
Default:
"keytool"
Path to keytool binary if not used we search in PATH for it.
keystore_create
-
Create keystore if it doesn't exist
keystore_pass
- / required
Keystore password.
keystore_path
-
Path to keystore.
pkcs12_alias
-
added in 2.4
 Default:
1
Alias in the PKCS12 keystore.
pkcs12_password
-
added in 2.4
 Default:
""
Password for importing from PKCS12 keystore.
pkcs12_path
-
added in 2.4
Local path to load PKCS12 keystore from.
state
-
    Choices:
  • absent
  • present ←
Defines action which can be either certificate import or removal.

Examples

- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
cmd
string
 success
Executed command to get action done

Sample:
keytool -importcert -noprompt -keystore
msg
string
 success
Output from stdout of keytool command after execution of given command.

Sample:
Module require existing keystore at keystore_path '/tmp/test/cacerts'
rc
integer
 success
Keytool command execution return value

Sample:
0


Status

Authors

  • Adam Hamsik (@haad)

Hint

If you notice any issues in this documentation you can edit this document to improve it.