get_certificate – Get a certificate from a host:port
get_certificate – Get a certificate from a host:port
New in version 2.8.
Synopsis
- Makes a secure connection and returns information about the presented certificate
Requirements
The below requirements are needed on the host that executes this module.
- pyOpenSSL >= 0.15
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
ca_cert path |
A PEM file containing one or more root certificates; if present, the cert will be validated against these root certs. Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it. | |
host string / required |
The host to get the cert for (IP is fine) | |
port integer / required |
The port to connect to | |
timeout integer |
Default: 10 |
The timeout in seconds |
Notes
Note
- When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
Examples
- name: Get the cert from an RDP port
get_certificate:
host: "1.2.3.4"
port: 3389
delegate_to: localhost
run_once: true
register: cert
- name: Get a cert from an https port
get_certificate:
host: "www.google.com"
port: 443
delegate_to: localhost
run_once: true
register: cert
- name: How many days until cert expires
debug:
msg: "cert expires in: {{ expire_days }} days."
vars:
expire_days: "{{ (( cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cert string |
success |
The certificate retrieved from the port
|
expired boolean |
success |
Boolean indicating if the cert is expired
|
extensions list |
success |
Extensions applied to the cert
|
issuer dictionary |
success |
Information about the issuer of the cert
|
not_after string |
success |
Expiration date of the cert
|
not_before string |
success |
Issue date of the cert
|
serial_number string |
success |
The serial number of the cert
|
signature_algorithm string |
success |
The algorithm used to sign the cert
|
subject dictionary |
success |
Information about the subject of the cert (OU, CN, etc)
|
version string |
success |
The version number of the certificate
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- John Westcott IV (@john-westcott-iv)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/get_certificate_module.html