community.crypto.x509_crl – Generate Certificate Revocation Lists (CRLs)
Note
This plugin is part of the community.crypto collection (version 1.6.1).
To install it, use: ansible-galaxy collection install community.crypto
To use it in a playbook, specify: community.crypto.x509_crl
New in version 1.0.0 of community.crypto
Synopsis
This module allows one to (re)generate or update Certificate Revocation Lists (CRLs).
Certificates on the revocation list can be either specified by serial number and (optionally) their issuer, or as a path to a certificate file in PEM format.
Requirements
The below requirements are needed on the host that executes this module.
cryptography >= 1.2
Parameters
Notes
Note
All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.
The date specified should be in UTC. Minutes and seconds are mandatory.
Supports check_mode.
Examples
- name: Generate a CRL
  community.crypto.x509_crl:
    path: /etc/ssl/my-ca.crl
    privatekey_path: /etc/ssl/private/my-ca.pem
    issuer:
      CN: My CA
    last_update: "+0s"
    next_update: "+7d"
    revoked_certificates:
      - serial_number: 1234
        revocation_date: 20190331202428Z
        issuer:
          CN: My CA
      - serial_number: 2345
        revocation_date: 20191013152910Z
        reason: affiliation_changed
        invalidity_date: 20191001000000Z
      - path: /etc/ssl/crt/revoked-cert.pem
        revocation_date: 20191010010203Z
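
The rules in the Synopsis and Notes can be checked on a revocation list before it is handed to the module. The following is an added example, not part of the collection's documentation or code: `parse_asn1_time`, `lint_revoked` and `SAMPLE` are hypothetical names, and values starting with "+" are assumed to be relative offsets (as in the page's "+0s") and are left unchecked.

```python
import re
from datetime import datetime, timezone

# Pattern from the Notes section: YYYYMMDDHHMMSSZ, UTC, minutes and seconds mandatory.
ASN1_TIME = re.compile(r"\d{14}Z")
TIME_FIELDS = ("revocation_date", "invalidity_date")

def parse_asn1_time(value):
    """Return an aware UTC datetime, or raise ValueError for anything else."""
    if not isinstance(value, str) or not ASN1_TIME.fullmatch(value):
        raise ValueError("expected YYYYMMDDHHMMSSZ, got %r" % (value,))
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def lint_revoked(entries):
    """Return (index, message) pairs for entries that break the documented rules."""
    problems = []
    for i, entry in enumerate(entries):
        # The Synopsis names two ways to identify a certificate: serial number or PEM path.
        if ("serial_number" in entry) == ("path" in entry):
            problems.append((i, "need exactly one of serial_number or path"))
        parsed = {}
        for field in TIME_FIELDS:
            value = entry.get(field)
            # Assumption: values starting with "+" are relative offsets, left to the module.
            if value is None or (isinstance(value, str) and value.startswith("+")):
                continue
            try:
                parsed[field] = parse_asn1_time(value)
            except ValueError as exc:
                problems.append((i, "%s: %s" % (field, exc)))
        # Added heuristic, not a module rule: invalidity normally precedes revocation.
        if len(parsed) == 2 and parsed["invalidity_date"] > parsed["revocation_date"]:
            problems.append((i, "invalidity_date is later than revocation_date"))
    return problems

# Constructed sample: the first three entries mirror the page's example.
SAMPLE = [
    {"serial_number": 1234, "revocation_date": "20190331202428Z"},
    {"serial_number": 2345, "revocation_date": "20191013152910Z",
     "invalidity_date": "20191001000000Z"},
    {"path": "/etc/ssl/crt/revoked-cert.pem", "revocation_date": "20191010010203Z"},
    {"serial_number": 3456, "revocation_date": "201910131529Z"},   # seconds missing
    {"serial_number": 4567, "revocation_date": 20191013152910},    # unquoted, no Z
    {"revocation_date": "20191301000000Z"},                        # month 13, no identifier
]

if __name__ == "__main__":
    for index, message in lint_revoked(SAMPLE):
        print("entry %d: %s" % (index, message))
```
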
Return Values
Common return values are documented here, the following are the fields unique to this module:
Authors
Felix Fontein (@felixfontein)