community.crypto.x509_crl_info – Retrieve information on Certificate Revocation Lists (CRLs)
Note
This plugin is part of the community.crypto collection (version 1.3.0).
To install it use: ansible-galaxy collection install community.crypto.
To use it in a playbook, specify: community.crypto.x509_crl_info.
New in version 1.0.0 of community.crypto
Synopsis
- This module allows one to retrieve information on Certificate Revocation Lists (CRLs).
Requirements
The below requirements are needed on the host that executes this module.
- cryptography >= 1.2
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
content string | | Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL. Either path or content must be specified, but not both. |
path path | | Remote absolute path where the generated CRL file should be created or is already located. Either path or content must be specified, but not both. |
Notes
- All timestamp values are provided in ASN.1 TIME format, i.e. following the YYYYMMDDHHMMSSZ pattern. They are all in UTC.
See Also
- community.crypto.x509_crl: The official documentation on the community.crypto.x509_crl module.
Examples
- name: Get information on CRL
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: result

- debug:
    msg: "{{ result }}"
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
digest string | success | The signature algorithm used to sign the CRL. Sample: sha256WithRSAEncryption |
format string | success | Whether the CRL is in PEM format ( Sample: pem |
issuer dictionary | success | The CRL's issuer. Note that for repeated values, only the last one will be returned. Sample: {"organizationName": "Ansible", "commonName": "ca.example.com"} |
issuer_ordered list / elements=list | success | The CRL's issuer as an ordered list of tuples. Sample: [["organizationName", "Ansible"], ["commonName", "ca.example.com"]] |
last_update string | success | The point in time from which this CRL can be trusted as ASN.1 TIME. Sample: 20190413202428Z |
next_update string | success | The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Sample: 20190413202428Z |
revoked_certificates list / elements=dictionary | success | List of certificates to be revoked. |

Each element of revoked_certificates contains the following fields:

Key | Returned | Description |
---|---|---|
invalidity_date string | success | The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Sample: 20190413202428Z |
invalidity_date_critical boolean | success | Whether the invalidity date extension is critical. |
issuer list / elements=string | success | The certificate's issuer. Sample: ["DNS:ca.example.org"] |
issuer_critical boolean | success | Whether the certificate issuer extension is critical. |
reason string | success | The value for the revocation reason extension. One of Sample: key_compromise |
reason_critical boolean | success | Whether the revocation reason extension is critical. |
revocation_date string | success | The point in time the certificate was revoked as ASN.1 TIME. Sample: 20190413202428Z |
serial_number integer | success | Serial number of the certificate. Sample: 1234 |
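The playbook below is an added example, not part of the module's documentation: it uses the return values documented above to fail a play when the CRL is outside its last_update/next_update window or lists a given serial number. The inventory group ca_clients and the variable names are hypothetical, the serial number is a constructed sample, and now() with the utc and fmt arguments assumes Ansible 2.8 or later.

```yaml
# Added example (not from the module documentation). The CRL path is the one
# used in the Examples section; serial number and host group are constructed.
- name: Gate on CRL freshness and revocation status
  hosts: ca_clients            # hypothetical inventory group
  gather_facts: false
  vars:
    crl_path: /etc/ssl/my-ca.crl
    serial_to_check: 1234      # constructed sample serial number
  tasks:
    - name: Read the CRL
      community.crypto.x509_crl_info:
        path: "{{ crl_path }}"
      register: crl

    - name: Current UTC time in the same YYYYMMDDHHMMSSZ form the module returns
      ansible.builtin.set_fact:
        now_asn1: "{{ now(utc=true, fmt='%Y%m%d%H%M%SZ') }}"

    - name: Fail when the CRL is not yet valid or is past its next_update
      ansible.builtin.assert:
        that:
          # Fixed-width, all-UTC timestamps compare correctly as plain strings.
          - crl.last_update <= now_asn1
          - crl.next_update > now_asn1
        fail_msg: "CRL {{ crl_path }} is stale or not yet valid (next_update {{ crl.next_update }})"

    - name: Collect revocation entries for the serial number
      ansible.builtin.set_fact:
        revoked_hits: >-
          {{ crl.revoked_certificates
             | selectattr('serial_number', 'equalto', serial_to_check | int)
             | list }}

    - name: Fail when the certificate is listed as revoked
      ansible.builtin.assert:
        that:
          - revoked_hits | length == 0
        # fail_msg is templated even when the check passes, hence the defaults.
        fail_msg: >-
          Serial {{ serial_to_check }} revoked on
          {{ (revoked_hits | first | default({})).revocation_date | default('n/a') }}
          (reason: {{ (revoked_hits | first | default({})).reason | default('unspecified', true) }})
```

A CRL past its next_update says nothing reliable about certificates revoked since it was issued, so the freshness check runs before the serial lookup.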
Authors
- Felix Fontein (@felixfontein)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/crypto/x509_crl_info_module.html