community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)
Note
This module is part of the community.crypto collection (version 2.3.4).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.crypto
.
To use it in a playbook, specify: community.crypto.x509_crl_info
.
New in version 1.0.0: of community.crypto
Requirements
The below requirements are needed on the host that executes this module.
If name_encoding is set to another value than
ignore
, the idna Python library needs to be installed.cryptography >= 1.2
Parameters
Parameter |
Comments |
---|---|
Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL. Either path or content must be specified, but not both. |
|
If set to This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again. Choices:
|
|
How to encode names (DNS names, URIs, email addresses) in return values.
Note that Choices:
|
|
Remote absolute path where the generated CRL file should be created or is already located. Either path or content must be specified, but not both. |
Notes
Note
All timestamp values are provided in ASN.1 TIME format, in other words, following the
YYYYMMDDHHMMSSZ
pattern. They are all in UTC.Supports
check_mode
.
See Also
See also
- community.crypto.x509_crl
The official documentation on the community.crypto.x509_crl module.
Examples
- name: Get information on CRL
community.crypto.x509_crl_info:
path: /etc/ssl/my-ca.crl
register: result
- name: Print the information
ansible.builtin.debug:
msg: "{{ result }}"
- name: Get information on CRL without list of revoked certificates
community.crypto.x509_crl_info:
path: /etc/ssl/very-large.crl
list_revoked_certificates: false
register: result
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The signature algorithm used to sign the CRL. Returned: success Sample: “sha256WithRSAEncryption” |
|
Whether the CRL is in PEM format ( Returned: success Sample: “pem” |
|
The CRL’s issuer. Note that for repeated values, only the last one will be returned. See name_encoding for how IDNs are handled. Returned: success Sample: “{\”organizationName\”: \”Ansible\”, \”commonName\”: \”ca.example.com\”}” |
|
The CRL’s issuer as an ordered list of tuples. Returned: success Sample: “[[\”organizationName\”, \”Ansible\”], [\”commonName\”: \”ca.example.com\”]]” |
|
The point in time from which this CRL can be trusted as ASN.1 TIME. Returned: success Sample: “20190413202428Z” |
|
The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Returned: success Sample: “20190413202428Z” |
|
List of certificates to be revoked. Returned: success if list_revoked_certificates=true |
|
The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Returned: success Sample: “20190413202428Z” |
|
Whether the invalidity date extension is critical. Returned: success Sample: false |
|
The certificate’s issuer. See name_encoding for how IDNs are handled. Returned: success Sample: “[\”DNS:ca.example.org\”]” |
|
Whether the certificate issuer extension is critical. Returned: success Sample: false |
|
The value for the revocation reason extension. One of Returned: success Sample: “key_compromise” |
|
Whether the revocation reason extension is critical. Returned: success Sample: false |
|
The point in time the certificate was revoked as ASN.1 TIME. Returned: success Sample: “20190413202428Z” |
|
Serial number of the certificate. Returned: success Sample: 1234 |
Authors
Felix Fontein (@felixfontein)
Collection links
Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication