You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

java_cert - Uses keytool to import/remove key from java keystore(cacerts)¶

New in version 2.3.

Synopsis
Options
Examples
Return Values
- Status

Synopsis ¶

This is a wrapper module around keytool. Which can be used to import/remove certificates from a given java keystore.

Options ¶

parameter	required	default	choices	comments
cert_alias	no			Imported certificate alias.
cert_path	no			Local path to load certificate from. One of cert_url or cert_path is required to load certificate.
cert_port	no	443		Port to connect to URL. This will be used to create server URL:PORT
cert_url	no			Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate.
executable	no	keytool		Path to keytool binary if not used we search in PATH for it.
keystore_create	no			Create keystore if it doesn't exist
keystore_pass	yes			Keystore password.
keystore_path	no			Path to keystore.
pkcs12_alias (added in 2.4)	no	1		Alias in the PKCS12 keystore.
pkcs12_password (added in 2.4)	no			Password for importing from PKCS12 keystore.
pkcs12_path (added in 2.4)	no			Local path to load PKCS12 keystore from.
state	no	present	present absent	Defines action which can be either certificate import or removal.

Examples ¶

- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present

Return Values ¶

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
cmd	Executed command to get action done	success	string	keytool -importcert -noprompt -keystore
msg	Output from stdout of keytool command after execution of given command.	success	string	Module require existing keystore at keystore_path '/tmp/test/cacerts'
rc	Keytool command execution return value	success	int	0

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.