win_certificate_store – Manages the certificate store
New in version 2.5.
- Used to import/export and remove certificates and keys from the local certificate store.
- This module is not used to create certificates and will only manage existing certs as a file or in the store.
- It can be used to import PEM, DER, P7B, PKCS12 (PFX) certificates and export PEM, DER and PKCS12 certificates.
- Some actions on PKCS12 certificates and keys may fail with the error `the specified network password is not correct`; either use CredSSP or Kerberos with credential delegation, or use `become` to bypass these restrictions.
- The certificates must be located on the Windows host to be set with path.
- When importing a certificate for usage in IIS, it is generally required to use the `machine` `key_storage` option, as both `default` and `user` will make the private key unreadable to IIS APPPOOL identities and prevent binding the certificate to the https endpoint.
```yaml
- name: Import a certificate
  win_certificate_store:
    path: C:\Temp\cert.pem
    state: present

# the passwords in these examples are inline literals for illustration;
# in real playbooks, supply them from Ansible Vault
- name: Import pfx certificate that is password protected
  win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas

- name: Import pfx certificate without password and set private key as un-exportable
  win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    key_exportable: no
  # usually you don't set this here but it is for illustrative purposes
  vars:
    ansible_winrm_transport: credssp

- name: Remove a certificate based on file thumbprint
  win_certificate_store:
    path: C:\Temp\cert.pem
    state: absent

- name: Remove a certificate based on thumbprint
  win_certificate_store:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
    state: absent

- name: Remove certificate based on thumbprint in CurrentUser/TrustedPublishers store
  win_certificate_store:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
    state: absent
    store_location: CurrentUser
    store_name: TrustedPublisher

- name: Export certificate as der encoded file
  win_certificate_store:
    path: C:\Temp\cert.cer
    state: exported
    file_type: der

- name: Export certificate and key as pfx encoded file
  win_certificate_store:
    path: C:\Temp\cert.pfx
    state: exported
    file_type: pkcs12
    password: AnotherStrongPass!
  become: yes
  become_method: runas
  become_user: SYSTEM

- name: Import certificate to be used by IIS
  win_certificate_store:
    path: C:\Temp\cert.pfx
    file_type: pkcs12
    password: StrongPassword!
    store_location: LocalMachine
    key_storage: machine
    state: present
```
Common return values are documented here; the following are the fields unique to this module:
A list of certificate thumbprints that were touched by the module.
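The notes above (PKCS12 imports needing `become`, machine key storage for IIS, the file having to be on the Windows host) combine into one play as follows. This is an added example, not part of the module documentation; the `iis_servers` group, `files/site.pfx`, and the vaulted variable `vault_site_pfx_password` are assumed placeholder names, and the returned list is read as `site_cert.thumbprints`.

```yaml
# Added example: placeholder inventory group, file names and vault variable.
- name: Deploy a TLS certificate for IIS
  hosts: iis_servers
  tasks:
    - name: Copy the PFX to the Windows host (path must be local to the host)
      win_copy:
        src: files/site.pfx
        dest: C:\Temp\site.pfx

    - name: Import the PFX with a machine-scoped, non-exportable private key
      win_certificate_store:
        path: C:\Temp\site.pfx
        file_type: pkcs12
        password: "{{ vault_site_pfx_password }}"  # assumed Ansible Vault variable
        store_location: LocalMachine
        key_storage: machine    # readable by IIS APPPOOL identities
        key_exportable: no      # key cannot be exported from the store afterwards
        state: present
      become: yes
      become_method: runas
      become_user: SYSTEM
      no_log: true              # keep the PFX password out of task output and logs
      register: site_cert

    - name: Confirm the module reported a thumbprint for the imported certificate
      assert:
        that:
          - site_cert.thumbprints | length > 0

    - name: Remove the PFX from disk once the key is in the store
      win_file:
        path: C:\Temp\site.pfx
        state: absent
```

Because `no_log` hides the import task's result from output, the follow-up `assert` is what surfaces whether a certificate was actually touched.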