New in version 2.3.
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| cert_alias |
no | Imported certificate alias. | ||
| cert_path |
no | Local path to load certificate from. One of cert_url or cert_path is required to load certificate. | ||
| cert_port |
no | 443 | Port to connect to URL. This will be used to create server URL:PORT | |
| cert_url |
no | Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate. | ||
| executable |
no | keytool | Path to keytool binary if not used we search in PATH for it. | |
| keystore_create |
no | Create keystore if it doesn't exist | ||
| keystore_pass |
yes | Keystore password. | ||
| keystore_path |
no | Path to keystore. | ||
| state |
no | present |
|
Defines action which can be either certificate import or removal. |
# Import SSL certificate from google.com to a given cacerts keystore java_cert: cert_url: google.com cert_port: 443 keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts keystore_pass: changeit state: present # Remove certificate with given alias from a keystore java_cert: cert_url: google.com keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts keystore_pass: changeit executable: /usr/lib/jvm/jre7/bin/keytool state: absent # Import SSL certificate from google.com to a keystore, # create it if it doesn't exist java_cert: cert_url: google.com keystore_path: /tmp/cacerts keystore_pass: changeit keystore_create: yes state: present
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| msg | Output from stdout of keytool command after execution of given command. | success | string | Module require existing keystore at keystore_path '/tmp/test/cacerts' |
| cmd | Executed command to get action done | success | string | keytool -importcert -noprompt -keystore |
| rc | Keytool command execution return value | success | int | 0 |
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is community maintained without core committer oversight.
For more information on what this means please read Module Support
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.