win_certificate_store – Manages the certificate store
New in version 2.5.
Synopsis
- Used to import/export and remove certificates and keys from the local certificate store.
- This module is not used to create certificates and will only manage existing certs as a file or in the store.
- It can be used to import PEM, DER, P7B, PKCS12 (PFX) certificates and export PEM, DER and PKCS12 certificates.
Parameters
Notes
- Some actions on PKCS12 certificates and keys may fail with the error `the specified network password is not correct`. Either use CredSSP or Kerberos with credential delegation, or use `become` to bypass these restrictions.
- The certificates must be located on the Windows host to be set with `path`.
- When importing a certificate for usage in IIS, it is generally required to use the `machine` `key_storage` option, as both `default` and `user` will make the private key unreadable to IIS APPPOOL identities and prevent binding the certificate to the https endpoint.
Examples
```yaml
- name: Import a certificate
  win_certificate_store:
    path: C:\Temp\cert.pem
    state: present

- name: Import pfx certificate that is password protected
  win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas

- name: Import pfx certificate without password and set private key as un-exportable
  win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    key_exportable: no
  # usually you don't set this here but it is for illustrative purposes
  vars:
    ansible_winrm_transport: credssp

- name: Remove a certificate based on file thumbprint
  win_certificate_store:
    path: C:\Temp\cert.pem
    state: absent

- name: Remove a certificate based on thumbprint
  win_certificate_store:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
    state: absent

- name: Remove certificate based on thumbprint in CurrentUser/TrustedPublisher store
  win_certificate_store:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
    state: absent
    store_location: CurrentUser
    store_name: TrustedPublisher

- name: Export certificate as der encoded file
  win_certificate_store:
    path: C:\Temp\cert.cer
    state: exported
    file_type: der

- name: Export certificate and key as pfx encoded file
  win_certificate_store:
    path: C:\Temp\cert.pfx
    state: exported
    file_type: pkcs12
    password: AnotherStrongPass!
  become: yes
  become_method: runas
  become_user: SYSTEM

- name: Import certificate to be used by IIS
  win_certificate_store:
    path: C:\Temp\cert.pfx
    file_type: pkcs12
    password: StrongPassword!
    store_location: LocalMachine
    key_storage: machine
    state: present
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| thumbprints (list) | success | A list of certificate thumbprints that were touched by the module. Sample: ['BC05633694E675449136679A658281F17A191087'] |
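
A fuller IIS import that ties the notes above to the `thumbprints` return value, added here as an example and not taken from the module documentation. It assumes `pfx_password` and `expected_thumbprint` are variables you define (for instance in Ansible Vault), and that `files/web01.pfx` and `C:\Temp` exist; those names are placeholders.

```yaml
# Added example. pfx_password, expected_thumbprint and the web01.pfx paths are
# assumptions, not values from the module documentation.
- name: Import an IIS certificate and always clean up the staged PFX
  block:
    - name: Stage the PFX on the Windows host (path must be local to the host)
      win_copy:
        src: files/web01.pfx
        dest: C:\Temp\web01.pfx

    - name: Import the PFX into the LocalMachine\My store
      win_certificate_store:
        path: C:\Temp\web01.pfx
        file_type: pkcs12
        password: "{{ pfx_password }}"
        store_location: LocalMachine
        store_name: My
        # default and user key storage are unreadable to IIS APPPOOL identities
        key_storage: machine
        # the private key cannot be exported from the store afterwards
        key_exportable: no
        state: present
      # become avoids the "network password is not correct" failure on PKCS12
      become: yes
      become_method: runas
      become_user: SYSTEM
      # keep the PFX password out of task output and logs
      no_log: true
      register: cert_import

    - name: Check that the certificate touched is the one that was expected
      assert:
        that:
          - (expected_thumbprint | upper) in cert_import.thumbprints

  always:
    # runs even if the import or the check fails, so the key file does not linger
    - name: Remove the staged PFX from disk
      win_file:
        path: C:\Temp\web01.pfx
        state: absent
```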
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Jordan Borean (@jborean93)
