community.general.java_cert – Uses keytool to import/remove key from java keystore (cacerts)
community.general.java_cert – Uses keytool to import/remove key from java keystore (cacerts)
Note
This plugin is part of the community.general collection (version 2.0.1).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.java_cert.
Synopsis
- This is a wrapper module around keytool, which can be used to import/remove certificates from a given java keystore.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
cert_alias string |
Imported certificate alias. The alias is used when checking for the presence of a certificate in the keystore. | |
|
cert_path path |
Local path to load certificate from. One of | |
|
cert_port integer |
Default: 443 |
Port to connect to URL. This will be used to create server URL:PORT. |
|
cert_url string |
Basic URL to fetch SSL certificate from. One of | |
|
executable string |
Default: "keytool" |
Path to keytool binary if not used we search in PATH for it. |
|
keystore_create boolean |
|
Create keystore if it does not exist. |
|
keystore_pass string / required |
Keystore password. | |
|
keystore_path path |
Path to keystore. | |
|
keystore_type string |
Keystore type (JCEKS, JKS). | |
|
pkcs12_alias string |
Alias in the PKCS12 keystore. | |
|
pkcs12_password string |
Default: "" |
Password for importing from PKCS12 keystore. |
|
pkcs12_path path |
Local path to load PKCS12 keystore from. | |
|
state string |
|
Defines action which can be either certificate import or removal. |
|
trust_cacert boolean added in 0.2.0 of community.general |
|
Trust imported cert as CAcert. |
Examples
- name: Import SSL certificate from google.com to a given cacerts keystore
community.general.java_cert:
cert_url: google.com
cert_port: 443
keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
keystore_pass: changeit
state: present
- name: Remove certificate with given alias from a keystore
community.general.java_cert:
cert_url: google.com
keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
keystore_pass: changeit
executable: /usr/lib/jvm/jre7/bin/keytool
state: absent
- name: Import trusted CA from SSL certificate
community.general.java_cert:
cert_path: /opt/certs/rootca.crt
keystore_path: /tmp/cacerts
keystore_pass: changeit
keystore_create: yes
state: present
cert_alias: LE_RootCA
trust_cacert: True
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
community.general.java_cert:
cert_url: google.com
keystore_path: /tmp/cacerts
keystore_pass: changeit
keystore_create: yes
state: present
- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
community.general.java_cert:
pkcs12_path: "/tmp/importkeystore.p12"
cert_alias: default
keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
keystore_pass: changeit
keystore_create: yes
state: present
- name: Import SSL certificate to JCEKS keystore
community.general.java_cert:
pkcs12_path: "/tmp/importkeystore.p12"
pkcs12_alias: default
pkcs12_password: somepass
cert_alias: default
keystore_path: /opt/someapp/security/keystore.jceks
keystore_type: "JCEKS"
keystore_pass: changeit
keystore_create: yes
state: presentReturn Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
cmd string |
success |
Executed command to get action done.
Sample: keytool -importcert -noprompt -keystore |
|
msg string |
success |
Output from stdout of keytool command after execution of given command.
Sample: Module require existing keystore at keystore_path '/tmp/test/cacerts' |
|
rc integer |
success |
Keytool command execution return value.
Sample: 0 |
Authors
- Adam Hamsik (@haad)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/java_cert_module.html
