community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)
Note
This module is part of the community.crypto collection (version 2.3.4).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.crypto
.
To use it in a playbook, specify: community.crypto.openssl_csr_info
.
Synopsis
This module allows one to query information on OpenSSL Certificate Signing Requests (CSR).
In case the CSR signature cannot be validated, the module will fail. In this case, all return variables are still returned.
It uses the cryptography python library to interact with OpenSSL.
Requirements
The below requirements are needed on the host that executes this module.
If name_encoding is set to another value than
ignore
, the idna Python library needs to be installed.cryptography >= 1.3
Parameters
Parameter |
Comments |
---|---|
Content of the CSR file. Either path or content must be specified, but not both. |
|
How to encode names (DNS names, URIs, email addresses) in return values.
Note that Choices:
|
|
Remote absolute path where the CSR file is loaded from. Either path or content must be specified, but not both. |
|
Determines which crypto backend to use. The default choice is If set to Choices:
|
See Also
See also
- community.crypto.openssl_csr
The official documentation on the community.crypto.openssl_csr module.
- community.crypto.openssl_csr_pipe
The official documentation on the community.crypto.openssl_csr_pipe module.
Examples
- name: Generate an OpenSSL Certificate Signing Request
community.crypto.openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
- name: Get information on the CSR
community.crypto.openssl_csr_info:
path: /etc/ssl/csr/www.ansible.com.csr
register: result
- name: Dump information
debug:
var: result
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The CSR’s authority cert issuer as a list of general names. Is See name_encoding for how IDNs are handled. Returned: success Sample: “[DNS:www.ansible.com, IP:1.2.3.4]” |
|
The CSR’s authority cert serial number. Is Returned: success Sample: “12345” |
|
The CSR’s authority key identifier. The identifier is returned in hexadecimal, with Is Returned: success Sample: “00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33” |
|
Entries in the Returned: success Sample: “[CA:TRUE, pathlen:1]” |
|
Whether the Returned: success |
|
Entries in the Returned: success Sample: “[Biometric Info, DVCS, Time Stamping]” |
|
Whether the Returned: success |
|
Returns a dictionary for every extension OID Returned: success Sample: “{\”1.3.6.1.5.5.7.1.24\”: { \”critical\”: false, \”value\”: \”MAMCAQU=\”}}” |
|
Whether the extension is critical. Returned: success |
|
The Base64 encoded value (in DER format) of the extension. Note that depending on the Returned: success Sample: “MAMCAQU=” |
|
Entries in the Returned: success Sample: “[Key Agreement, Data Encipherment]” |
|
Whether the Returned: success |
|
Whether the Is Returned: success |
|
List of excluded subtrees the CA cannot sign certificates for. Is See name_encoding for how IDNs are handled. Returned: success Sample: [“email:.com”] |
|
List of permitted subtrees to sign certificates for. Returned: success Sample: [“email:.somedomain.com”] |
|
Returned: success |
|
Whether the Returned: success |
|
CSR’s public key in PEM format Returned: success Sample: “—–BEGIN PUBLIC KEY—–\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A…” |
|
Public key data. Depends on the public key’s type. Returned: success |
|
The curve’s name for ECC. Returned: When |
|
The RSA key’s public exponent. Returned: When |
|
The maximum number of bits of a private key. This is basically the bit size of the subgroup used. Returned: When |
|
The This is the element spanning the subgroup of the multiplicative group of the prime field used. Returned: When |
|
The RSA key’s modulus. Returned: When |
|
The This is the prime modulus upon which arithmetic takes place. Returned: When |
|
The This is a prime that divides Returned: When |
|
Bit size of modulus (RSA) or prime number (DSA). Returned: When |
|
The Returned: When |
|
For For Returned: When |
|
Fingerprints of CSR’s public key. For every hash algorithm available, the fingerprint is computed. Returned: success Sample: “{\u0027sha256\u0027: \u0027d4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63\u0027, \u0027sha512\u0027: \u0027f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1…” |
|
The CSR’s public key’s type. One of Will start with Returned: success Sample: “RSA” |
|
Whether the CSR’s signature is valid. In case the check returns Returned: success |
|
The CSR’s subject as a dictionary. Note that for repeated values, only the last one will be returned. Returned: success Sample: “{\”commonName\”: \”www.example.com\”, \”emailAddress\”: \”test@example.com\”}” |
|
Entries in the See name_encoding for how IDNs are handled. Returned: success Sample: “[DNS:www.ansible.com, IP:1.2.3.4]” |
|
Whether the Returned: success |
|
The CSR’s subject key identifier. The identifier is returned in hexadecimal, with Is Returned: success Sample: “00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33” |
|
The CSR’s subject as an ordered list of tuples. Returned: success Sample: “[[\”commonName\”, \”www.example.com\”], [\”emailAddress\”: \”test@example.com\”]]” |
Authors
Felix Fontein (@felixfontein)
Yanis Guenane (@Spredzy)
Collection links
Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication