java_cert – Uses keytool to import/remove key from java keystore (cacerts)
New in version 2.3.
Synopsis
- This is a wrapper module around keytool, which can be used to import/remove certificates from a given java keystore.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
cert_alias string | | Imported certificate alias. The alias is used when checking for the presence of a certificate in the keystore. |
cert_path path | | Local path to load certificate from. One of |
cert_port integer | Default: 443 | Port to connect to URL. This will be used to create server URL:PORT. |
cert_url string | | Basic URL to fetch SSL certificate from. One of |
executable string | Default: "keytool" | Path to the keytool binary. If not set, PATH is searched for it. |
keystore_create boolean | | Create keystore if it does not exist. |
keystore_pass string / required | | Keystore password. |
keystore_path path | | Path to keystore. |
keystore_type string added in 2.8 | | Keystore type (JCEKS, JKS). |
pkcs12_alias string added in 2.4 | | Alias in the PKCS12 keystore. |
pkcs12_password string added in 2.4 | Default: "" | Password for importing from PKCS12 keystore. |
pkcs12_path path added in 2.4 | | Local path to load PKCS12 keystore from. |
state string | | Defines action which can be either certificate import or removal. |
Examples
```yaml
- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import SSL certificate to JCEKS keystore
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    pkcs12_alias: default
    pkcs12_password: somepass
    cert_alias: default
    keystore_path: /opt/someapp/security/keystore.jceks
    keystore_type: "JCEKS"
    keystore_pass: changeit
    keystore_create: yes
    state: present
```
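With cert_url, the keystore ends up trusting whichever certificate the server presents at the moment the task runs. The playbook below is an added example, not part of the module documentation: it imports from cert_path only after the file matches a pinned SHA-256 fingerprint, and keeps the keystore password out of task output. The host group, file paths, alias, `expected_sha256` placeholder and `vault_keystore_pass` variable are assumptions, and `openssl` is assumed to be installed on the target.

```yaml
# Added example (not from the module documentation).
# Assumptions: files/internal-ca.pem ships with the playbook, expected_sha256
# is a placeholder for a fingerprint obtained out of band, and
# vault_keystore_pass is defined in an Ansible Vault encrypted vars file.
- hosts: app_servers
  vars:
    ca_cert_dest: /etc/pki/internal-ca.pem
    expected_sha256: "REPLACE_WITH_FINGERPRINT_OBTAINED_OUT_OF_BAND"
  tasks:
    - name: Copy the CA certificate to the target host
      copy:
        src: files/internal-ca.pem
        dest: "{{ ca_cert_dest }}"
        mode: "0644"

    - name: Read the SHA-256 fingerprint of the copied certificate
      command: openssl x509 -in {{ ca_cert_dest }} -noout -fingerprint -sha256
      register: cert_fp
      changed_when: false

    # openssl prints "<label> Fingerprint=AA:BB:..."; compare the hex part only.
    - name: Stop unless the fingerprint matches the pinned value
      assert:
        that:
          - cert_fp.stdout.split('=')[1] | replace(':', '') | lower == expected_sha256 | lower
        msg: "Certificate fingerprint does not match the pinned value; not importing."

    # The module returns the executed keytool command in 'cmd' (see Return
    # Values), so no_log keeps the task result out of logs as a precaution.
    - name: Import the verified certificate into the keystore
      java_cert:
        cert_path: "{{ ca_cert_dest }}"
        cert_alias: internal-ca
        keystore_path: /opt/someapp/security/truststore.jks
        keystore_pass: "{{ vault_keystore_pass }}"
        keystore_create: yes
        state: present
      no_log: true
```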
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cmd string | success | Executed command to get action done. Sample: keytool -importcert -noprompt -keystore |
msg string | success | Output from stdout of keytool command after execution of given command. Sample: Module require existing keystore at keystore_path '/tmp/test/cacerts' |
rc integer | success | Keytool command execution return value. Sample: 0 |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Adam Hamsik (@haad)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/java_cert_module.html