openssl_certificate_info – Provide information of OpenSSL X.509 certificates¶
New in version 2.8.
Synopsis¶
- This module allows one to query information on OpenSSL certificates.
- It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with select_crypto_backend). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13.
Requirements¶
The below requirements are needed on the host that executes this module.
- PyOpenSSL >= 0.15 or cryptography >= 1.6
Parameters¶
| Parameter | Choices/Defaults | Comments | 
|---|---|---|
| path 
                    path
                                             / required                     | Remote absolute path where the certificate file is loaded from. | |
| select_crypto_backend 
                    string
                                                                 | 
 | Determines which crypto backend to use. The default choice is  auto, which tries to usecryptographyif available, and falls back topyopenssl.If set to  pyopenssl, will try to use the pyOpenSSL library.If set to  cryptography, will try to use the cryptography library.Please note that the  pyopensslbackend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. From that point on, only thecryptographybackend will be available. | 
| valid_at 
                    dictionary
                                                                 | A dict of names mapping to time specifications. Every time specified here will be checked whether the certificate is valid at this point. See the  valid_atreturn value for informations on the result.Time can be specified either as relative time or as absolute timestamp. Time will always be interpreted as UTC. Valid format is  [+-]timespec | ASN.1 TIMEwhere timespec can be an integer +[w | d | h | m | s](e.g.+32w1d2h, and ASN.1 TIME (i.e. patternYYYYMMDDHHMMSSZ). Note that all timestamps will be treated as being in UTC. | 
Notes¶
Note
- All timestamp values are provided in ASN.1 TIME format, i.e. following the YYYYMMDDHHMMSSZpattern. They are all in UTC.
See Also¶
See also
- openssl_certificate – Generate and/or check OpenSSL certificates
- The official documentation on the openssl_certificate module.
Examples¶
- name: Generate a Self Signed OpenSSL certificate
  openssl_certificate:
    path: /etc/ssl/crt/ansible.com.crt
    privatekey_path: /etc/ssl/private/ansible.com.pem
    csr_path: /etc/ssl/csr/ansible.com.csr
    provider: selfsigned
# Get information on the certificate
- name: Get information on generated certificate
  openssl_certificate_info:
    path: /etc/ssl/crt/ansible.com.crt
  register: result
- name: Dump information
  debug:
    var: result
# Check whether the certificate is valid or not valid at certain times, fail
# if this is not the case. The first task (openssl_certificate_info) collects
# the information, and the second task (assert) validates the result and
# makes the playbook fail in case something is not as expected.
- name: Test whether that certificate is valid tomorrow and/or in three weeks
  openssl_certificate_info:
    path: /etc/ssl/crt/ansible.com.crt
    valid_at:
      point_1: "+1d"
      point_2: "+3w"
  register: result
- name: Validate that certificate is valid tomorrow, but not in three weeks
  assert:
    that:
      - result.valid_at.point_1      # valid in one day
      - not result.valid_at.point_2  # not valid in three weeks
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Felix Fontein (@felixfontein)
- Yanis Guenane (@Spredzy)
- Markus Teufelberger (@MarkusTeufelberger)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
