community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format
Note
This filter plugin is part of the community.crypto collection (version 2.22.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.crypto
.
You need further requirements to be able to use this filter plugin,
see Requirements for details.
To use it in a playbook, specify: community.crypto.x509_crl_info
.
New in community.crypto 2.10.0
Synopsis
Provided a X.509 crl in PEM format, retrieve information.
This is a filter version of the community.crypto.x509_crl_info module.
Requirements
The below requirements are needed on the local controller node that executes this filter.
If
name_encoding
is set to another value thanignore
, the idna Python library needs to be installed.
Input
This describes the input of the filter, the value before | community.crypto.x509_crl_info
.
Parameter |
Comments |
---|---|
The content of the X.509 CRL in PEM format. |
Keyword parameters
This describes keyword parameters of the filter. These are the values key1=value1
, key2=value2
and so on in the following
example: input | community.crypto.x509_crl_info(key1=value1, key2=value2, ...)
Parameter |
Comments |
---|---|
If set to This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again. Choices:
|
|
How to encode names (DNS names, URIs, email addresses) in return values.
Note that Choices:
|
See Also
See also
- community.crypto.x509_crl_info
Retrieve information on Certificate Revocation Lists (CRLs).
- community.crypto.to_serial filter plugin
Convert an integer to a colon-separated list of hex numbers.
Examples
- name: Show the Organization Name of the CRL's subject
ansible.builtin.debug:
msg: >-
{{
(
lookup('ansible.builtin.file', '/path/to/cert.pem')
| community.crypto.x509_crl_info
).issuer.organizationName
}}
Return Value
Key |
Description |
---|---|
Information on the CRL. Returned: success |
|
The signature algorithm used to sign the CRL. Returned: success Sample: |
|
Whether the CRL is in PEM format ( Returned: success Can only return:
Sample: |
|
The CRL’s issuer. Note that for repeated values, only the last one will be returned. See Returned: success Sample: |
|
The CRL’s issuer as an ordered list of tuples. Returned: success Sample: |
|
The point in time from which this CRL can be trusted as ASN.1 TIME. Returned: success Sample: |
|
The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Returned: success Sample: |
|
List of certificates to be revoked. Returned: success if |
|
The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Returned: success Sample: |
|
Whether the invalidity date extension is critical. Returned: success Sample: |
|
The certificate’s issuer. See Returned: success Sample: |
|
Whether the certificate issuer extension is critical. Returned: success Sample: |
|
The value for the revocation reason extension. Returned: success Can only return:
Sample: |
|
Whether the revocation reason extension is critical. Returned: success Sample: |
|
The point in time the certificate was revoked as ASN.1 TIME. Returned: success Sample: |
|
Serial number of the certificate. This return value is an integer. If you need the serial numbers as a colon-separated hex string, such as Returned: success Sample: |