community.windows.win_certificate_info module – Get information on certificates from a Windows Certificate Store
Note
This module is part of the community.windows collection (version 1.10.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.windows
.
To use it in a playbook, specify: community.windows.win_certificate_info
.
Parameters
Parameter |
Comments |
---|---|
The location of the store to search. Choices:
|
|
The name of the store to search. See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename for a list of built-in store names. Default: “My” |
|
The thumbprint as a hex string of a certificate to find. When specified, filters the certificates return value to a single certificate See the examples for how to format the thumbprint. |
See Also
See also
- ansible.windows.win_certificate_store
The official documentation on the ansible.windows.win_certificate_store module.
Examples
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
register: mycert
# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
register: mycert
- name: Obtain information about all certificates in the root store
community.windows.win_certificate_info:
store_name: Root
register: ca
# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
ansible.windows.win_certificate_store:
path: C:\Temp\cert.pfx
state: present
password: VeryStrongPasswordHere!
become: yes
become_method: runas
register: mycert
- name: Obtain information on each certificate that was touched
community.windows.win_certificate_info:
thumbprint: "{{ item }}"
register: mycert_stats
loop: "{{ mycert.thumbprints }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A list of information about certificates found in the store, sorted by thumbprint. Returned: success |
|
Indicates that the certificate is archived. Returned: success Sample: false |
|
The base64 encoded data of the entire certificate. Returned: success |
|
Lists the registered dns names for the certificate. Returned: success Sample: [“*.m.wikiquote.org”, “*.wikipedia.org”] |
|
The collection of the certificates extensions. Returned: success Sample: [{“critical”: false, “field”: “Subject Key Identifier”, “value”: “88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7”}, {“critical”: true, “field”: “Basic Constraints”, “value”: “Subject Type=CA, Path Length Constraint=None”}, {“critical”: false, “field”: “Authority Key Identifier”, “value”: “KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e”}, {“critical”: false, “field”: “CRL Distribution Points”, “value”: “[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl”}, {“critical”: true, “field”: “Key Usage”, “value”: “Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)”}, {“critical”: false, “field”: null, “value”: “05 00”}] |
|
The associated alias for the certificate. Returned: success Sample: “Microsoft Root Authority” |
|
Indicates that the certificate contains a private key. Returned: success Sample: false |
|
lists the intended applications for the certificate. Returned: enhanced key usages extension exists. Sample: [“Server Authentication”] |
|
Indicates that the certificate is a certificate authority (CA) certificate. Returned: basic constraints extension exists. Sample: true |
|
The certificate issuer’s common name. Returned: success Sample: “Apple Root CA” |
|
The certificate’s common name. Returned: success Sample: “Apple Worldwide Developer Relations Certification Authority” |
|
The certificate issuer’s distinguished name. Returned: success Sample: “CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US” |
|
Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose. Returned: key usages extension exists. Sample: [“CrlSign”, “KeyCertSign”, “DigitalSignature”] |
|
The number of levels allowed in a certificates path. If this value is 0, the certificate does not have a restriction. Returned: basic constraints extension exists Sample: 0 |
|
The base64 encoded public key of the certificate. Returned: success |
|
The serial number of the certificate represented as a hexadecimal string Returned: success Sample: “01DEBCC4396DA010” |
|
The algorithm used to create the certificate’s signature Returned: success Sample: “sha1RSA” |
|
The certificate’s subject key identifier Returned: subject key identifier extension exists. Sample: “88271709A9B618608BECEBBAF64759C55254A3B7” |
|
The certificate’s distinguished name. Returned: success Sample: “CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US” |
|
The thumbprint as a hex string of the certificate. The return format will always be upper case. Returned: success Sample: “FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64” |
|
The start date of the certificate represented in seconds since epoch. Returned: success Sample: 1360255727 |
|
The start date of the certificate represented as an iso8601 formatted date. Returned: success Sample: “2017-12-15T08:39:32Z” |
|
The expiry date of the certificate represented in seconds since epoch. Returned: success Sample: 1675788527 |
|
The expiry date of the certificate represented as an iso8601 formatted date. Returned: success Sample: “2086-01-02T08:39:32Z” |
|
The x509 format version of the certificate Returned: success Sample: 3 |
|
Whether any certificates were found in the store. When thumbprint is specified, returns true only if the certificate mathing the thumbprint exists. Returned: success Sample: true |
Authors
Micah Hunsberger (@mhunsber)