openssl_csr_info – Provide information of OpenSSL Certificate Signing Requests (CSR)¶
New in version 2.8.
Synopsis¶
This module allows one to query information on OpenSSL Certificate Signing Requests (CSR).
In case the CSR signature cannot be validated, the module will fail. In this case, all return variables are still returned.
It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
select_crypto_backend)
Requirements¶
The below requirements are needed on the host that executes this module.
PyOpenSSL >= 0.15 or cryptography >= 1.3
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
path
path
/ required
|
Remote absolute path where the CSR file is loaded from.
|
|
|
select_crypto_backend
string
|
|
Determines which crypto backend to use.
The default choice is
auto, which tries to use cryptography if available, and falls back to pyopenssl.If set to
pyopenssl, will try to use the pyOpenSSL library.If set to
cryptography, will try to use the cryptography library. |
See Also¶
See also
- openssl_csr – Generate OpenSSL Certificate Signing Request (CSR)
The official documentation on the openssl_csr module.
Examples¶
- name: Generate an OpenSSL Certificate Signing Request
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
- name: Get information on the CSR
openssl_csr_info:
path: /etc/ssl/csr/www.ansible.com.csr
register: result
- name: Dump information
debug:
var: result
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
basic_constraints
list
|
success |
Entries in the
basic_constraints extension, or none if extension is not present.Sample:
[CA:TRUE, pathlen:1]
|
|
|
basic_constraints_critical
boolean
|
success |
Whether the
basic_constraints extension is critical. |
|
|
extended_key_usage
list
|
success |
Entries in the
extended_key_usage extension, or none if extension is not present.Sample:
[Biometric Info, DVCS, Time Stamping]
|
|
|
extended_key_usage_critical
boolean
|
success |
Whether the
extended_key_usage extension is critical. |
|
|
extensions_by_oid
complex
|
success |
Returns a dictionary for every extension OID
Sample:
{"1.3.6.1.5.5.7.1.24": { "critical": false, "value": "MAMCAQU="}}
|
|
|
critical
boolean
|
success |
Whether the extension is critical.
|
|
|
value
string
|
success |
The Base64 encoded value (in DER format) of the extension
Sample:
MAMCAQU=
|
|
|
key_usage
string
|
success |
Entries in the
key_usage extension, or none if extension is not present.Sample:
[Key Agreement, Data Encipherment]
|
|
|
key_usage_critical
boolean
|
success |
Whether the
key_usage extension is critical. |
|
|
ocsp_must_staple
boolean
|
success |
yes if the OCSP Must Staple extension is present, none otherwise. |
|
|
ocsp_must_staple_critical
boolean
|
success |
Whether the
ocsp_must_staple extension is critical. |
|
|
public_key
string
|
success |
CSR's public key in PEM format
Sample:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A...
|
|
|
public_key_fingerprints
dictionary
|
success |
Fingerprints of CSR's public key.
For every hash algorithm available, the fingerprint is computed.
Sample:
{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1...
|
|
|
signature_valid
boolean
|
success |
Whether the CSR's signature is valid.
In case the check returns
no, the module will fail. |
|
|
subject
dictionary
|
success |
The CSR's subject.
Sample:
{"commonName": "www.example.com", "emailAddress": "[email protected]"}
|
|
|
subject_alt_name
list
|
success |
Entries in the
subject_alt_name extension, or none if extension is not present.Sample:
[DNS:www.ansible.com, IP:1.2.3.4]
|
|
|
subject_alt_name_critical
boolean
|
success |
Whether the
subject_alt_name extension is critical. |
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]