get_certificate – Get a certificate from a host:port
New in version 2.8.
Synopsis
Makes a secure connection and returns information about the presented certificate.
Requirements
The below requirements are needed on the host that executes this module.
pyOpenSSL >= 0.15
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
ca_cert (path) | | A PEM file containing one or more root certificates; if present, the cert will be validated against these root certs. Note that this only validates that the certificate is signed by the chain, not that the cert is valid for the host presenting it. |
host (string, required) | | The host to get the cert for (IP is fine) |
port (integer, required) | | The port to connect to |
timeout (integer) | Default: 10 | The timeout in seconds |
Notes
Note: When using ca_cert on OS X, it has been reported that under some conditions validation will always succeed.
Examples
```yaml
# Fetch the certificate presented on an RDP port
- name: Get the cert from an RDP port
  get_certificate:
    host: "1.2.3.4"
    port: 3389
  delegate_to: localhost
  run_once: true
  register: cert

# Fetch the certificate presented on an HTTPS port
- name: Get a cert from an https port
  get_certificate:
    host: "www.google.com"
    port: 443
  delegate_to: localhost
  run_once: true
  register: cert

# Subtract the current time (from gathered facts) from the cert's not_after
- name: How many days until cert expires
  debug:
    msg: "cert expires in: {{ expire_days }} days."
  vars:
    expire_days: "{{ (( cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"
```
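The tasks below are an added example, not part of the module's own documentation. They turn the return values into enforced checks, including a subject CN comparison, because ca_cert validates only the chain. The names expected_cn, min_days_left and days_left, the ca_cert bundle path and the signature algorithm policy are assumptions for illustration.

```yaml
# Added example. expected_cn, min_days_left, days_left and the ca_cert path
# are assumed values; adjust them for your environment.
- name: Get the cert and validate its chain against a root bundle
  get_certificate:
    host: "www.google.com"
    port: 443
    ca_cert: /etc/ssl/certs/ca-certificates.crt  # assumed bundle location
  delegate_to: localhost
  run_once: true
  register: cert

- name: Enforce checks that ca_cert validation does not cover
  assert:
    that:
      # ca_cert proves only that the chain is trusted, so compare the
      # subject CN ourselves. Names carried only in extensions are not checked.
      - cert.subject.CN == expected_cn
      # The certificate must be valid now and for a minimum number of days.
      - not cert.expired
      - (days_left | int) >= (min_days_left | int)
      # Assumed policy: reject SHA-1 or MD5 based signature algorithms.
      - "'sha1' not in (cert.signature_algorithm | lower)"
      - "'md5' not in (cert.signature_algorithm | lower)"
    fail_msg: >-
      Certificate check failed: CN={{ cert.subject.CN }},
      not_after={{ cert.not_after }},
      signature_algorithm={{ cert.signature_algorithm }}
  vars:
    expected_cn: "www.google.com"
    min_days_left: 14
    # Same date arithmetic as the expiry example above; ansible_date_time
    # is only available when facts have been gathered.
    days_left: "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ'))).days }}"
  delegate_to: localhost
  run_once: true
```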
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cert (string) | success | The certificate retrieved from the port |
expired (boolean) | success | Boolean indicating if the cert is expired |
extensions (list) | success | Extensions applied to the cert |
issuer (dictionary) | success | Information about the issuer of the cert |
not_after (string) | success | Expiration date of the cert |
not_before (string) | success | Issue date of the cert |
serial_number (string) | success | The serial number of the cert |
signature_algorithm (string) | success | The algorithm used to sign the cert |
subject (dictionary) | success | Information about the subject of the cert (OU, CN, etc) |
version (string) | success | The version number of the certificate |
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]