community.windows.win_certificate_info – Get information on certificates from a Windows Certificate Store
community.windows.win_certificate_info – Get information on certificates from a Windows Certificate Store
Note
This plugin is part of the community.windows collection (version 1.2.0).
To install it use: ansible-galaxy collection install community.windows.
To use it in a playbook, specify: community.windows.win_certificate_info.
Synopsis
- Returns information about certificates in a Windows Certificate Store.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
store_location string |
|
The location of the store to search. |
|
store_name string |
Default: "My" |
The name of the store to search. See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename for a list of built-in store names. |
|
thumbprint string |
The thumbprint as a hex string of a certificate to find. When specified, filters the certificates return value to a single certificate See the examples for how to format the thumbprint. |
See Also
See also
- ansible.windows.win_certificate_store
- The official documentation on the ansible.windows.win_certificate_store module.
Examples
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
register: mycert
# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
register: mycert
- name: Obtain information about all certificates in the root store
community.windows.win_certificate_info:
store_name: Root
register: ca
# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
ansible.windows.win_certificate_store:
path: C:\Temp\cert.pfx
state: present
password: VeryStrongPasswordHere!
become: yes
become_method: runas
register: mycert
- name: Obtain information on each certificate that was touched
community.windows.win_certificate_info:
thumbprint: "{{ item }}"
register: mycert_stats
loop: "{{ mycert.thumbprints }}"Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
certificates list / elements=dictionary |
success |
A list of information about certificates found in the store, sorted by thumbprint.
| |
|
archived boolean |
success |
Indicates that the certificate is archived.
| |
|
cert_data string |
success |
The base64 encoded data of the entire certificate.
| |
|
dns_names list / elements=string |
success |
Lists the registered dns names for the certificate.
Sample: ['*.m.wikiquote.org', '*.wikipedia.org'] | |
|
extensions list / elements=dictionary |
success |
The collection of the certificates extensions.
Sample: [{'critical': False, 'field': 'Subject Key Identifier', 'value': '88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7'}, {'critical': True, 'field': 'Basic Constraints', 'value': 'Subject Type=CA, Path Length Constraint=None'}, {'critical': False, 'field': 'Authority Key Identifier', 'value': 'KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e'}, {'critical': False, 'field': 'CRL Distribution Points', 'value': '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'}, {'critical': True, 'field': 'Key Usage', 'value': 'Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)'}, {'critical': False, 'field': None, 'value': '05 00'}] | |
|
friendly_name string |
success |
The associated alias for the certificate.
Sample: Microsoft Root Authority | |
|
has_private_key boolean |
success |
Indicates that the certificate contains a private key.
| |
|
intended_purposes list / elements=string |
enhanced key usages extension exists. |
lists the intended applications for the certificate.
Sample: ['Server Authentication'] | |
|
is_ca boolean |
basic constraints extension exists. |
Indicates that the certificate is a certificate authority (CA) certificate.
Sample: True | |
|
issued_by string |
success |
The certificate issuer's common name.
Sample: Apple Root CA | |
|
issued_to string |
success |
The certificate's common name.
Sample: Apple Worldwide Developer Relations Certification Authority | |
|
issuer string |
success |
The certificate issuer's distinguished name.
Sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US | |
|
key_usages list / elements=string |
key usages extension exists. |
Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose.
Sample: ['CrlSign', 'KeyCertSign', 'DigitalSignature'] | |
|
path_length_constraint integer |
basic constraints extension exists |
The number of levels allowed in a certificates path. If this value is 0, the certificate does not have a restriction.
| |
|
public_key string |
success |
The base64 encoded public key of the certificate.
| |
|
serial_number string |
success |
The serial number of the certificate represented as a hexadecimal string
Sample: 01DEBCC4396DA010 | |
|
signature_algorithm string |
success |
The algorithm used to create the certificate's signature
Sample: sha1RSA | |
|
ski string |
subject key identifier extension exists. |
The certificate's subject key identifier
Sample: 88271709A9B618608BECEBBAF64759C55254A3B7 | |
|
subject string |
success |
The certificate's distinguished name.
Sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US | |
|
thumbprint string |
success |
The thumbprint as a hex string of the certificate. The return format will always be upper case.
Sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 | |
|
valid_from float |
success |
The start date of the certificate represented in seconds since epoch.
Sample: 1360255727 | |
|
valid_from_iso8601 string |
success |
The start date of the certificate represented as an iso8601 formatted date.
Sample: 2017-12-15T08:39:32Z | |
|
valid_to float |
success |
The expiry date of the certificate represented in seconds since epoch.
Sample: 1675788527 | |
|
valid_to_iso8601 string |
success |
The expiry date of the certificate represented as an iso8601 formatted date.
Sample: 2086-01-02T08:39:32Z | |
|
version integer |
success |
The x509 format version of the certificate
Sample: 3 | |
|
exists boolean |
success |
Whether any certificates were found in the store. When thumbprint is specified, returns true only if the certificate mathing the thumbprint exists.
Sample: True |
Authors
- Micah Hunsberger (@mhunsber)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/windows/win_certificate_info_module.html
