community.crypto.x509_crl_info – Retrieve information on Certificate Revocation Lists (CRLs)
Note
This plugin is part of the community.crypto collection (version 1.3.0).
To install it use: ansible-galaxy collection install community.crypto.
To use it in a playbook, specify: community.crypto.x509_crl_info.
New in version 1.0.0 of community.crypto.
Synopsis
- This module allows one to retrieve information on Certificate Revocation Lists (CRLs).
Requirements
The below requirements are needed on the host that executes this module.
- cryptography >= 1.2
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
content (string) | | Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL. Either path or content must be specified, but not both. |
path (path) | | Remote absolute path where the generated CRL file should be created or is already located. Either path or content must be specified, but not both. |
Notes
- All timestamp values are provided in ASN.1 TIME format, i.e. following the YYYYMMDDHHMMSSZ pattern. They are all in UTC.
See Also
- community.crypto.x509_crl: The official documentation on the community.crypto.x509_crl module.
Examples
```yaml
- name: Get information on CRL
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: result

- debug:
    msg: "{{ result }}"
```
Return Values
Common return values are documented here; the following are the fields unique to this module. Keys written as revoked_certificates / name are fields of each entry in the revoked_certificates list.

Key | Returned | Description |
---|---|---|
digest (string) | success | The signature algorithm used to sign the CRL. Sample: sha256WithRSAEncryption |
format (string) | success | Whether the CRL is in PEM format (pem) or in DER format (der). Sample: pem |
issuer (dictionary) | success | The CRL's issuer. Note that for repeated values, only the last one will be returned. Sample: {"organizationName": "Ansible", "commonName": "ca.example.com"} |
issuer_ordered (list / elements=list) | success | The CRL's issuer as an ordered list of tuples. Sample: [["organizationName", "Ansible"], ["commonName", "ca.example.com"]] |
last_update (string) | success | The point in time from which this CRL can be trusted as ASN.1 TIME. Sample: 20190413202428Z |
next_update (string) | success | The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Sample: 20190413202428Z |
revoked_certificates (list / elements=dictionary) | success | List of certificates to be revoked. |
revoked_certificates / invalidity_date (string) | success | The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Sample: 20190413202428Z |
revoked_certificates / invalidity_date_critical (boolean) | success | Whether the invalidity date extension is critical. |
revoked_certificates / issuer (list / elements=string) | success | The certificate's issuer. Sample: ["DNS:ca.example.org"] |
revoked_certificates / issuer_critical (boolean) | success | Whether the certificate issuer extension is critical. |
revoked_certificates / reason (string) | success | The value for the revocation reason extension. One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl. Sample: key_compromise |
revoked_certificates / reason_critical (boolean) | success | Whether the revocation reason extension is critical. |
revoked_certificates / revocation_date (string) | success | The point in time the certificate was revoked as ASN.1 TIME. Sample: 20190413202428Z |
revoked_certificates / serial_number (integer) | success | Serial number of the certificate. Sample: 1234 |
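The playbook below is an added example, not part of the collection's documentation: it uses the return values above to reject a CRL whose last_update lies in the future or whose next_update is less than a week away, then looks up one serial number in revoked_certificates. The path, serial number, threshold and variable names are assumptions.

```yaml
# Added example: crl_path, serial_to_check and min_days_left are assumed values.
- name: Audit a CRL before relying on it
  hosts: localhost
  gather_facts: false
  vars:
    crl_path: /etc/ssl/my-ca.crl   # path from the Examples section
    serial_to_check: 1234          # constructed serial number
    min_days_left: 7               # assumed freshness threshold
    asn1_fmt: "%Y%m%d%H%M%SZ"      # YYYYMMDDHHMMSSZ, always UTC
    # Lazily evaluated: entries whose serial_number matches serial_to_check.
    revoked_entry: >-
      {{ crl.revoked_certificates
         | selectattr('serial_number', 'equalto', serial_to_check) | list }}
  tasks:
    - name: Read CRL metadata
      community.crypto.x509_crl_info:
        path: "{{ crl_path }}"
      register: crl

    - name: Take one UTC timestamp and compute the days left until next_update
      ansible.builtin.set_fact:
        now_utc: "{{ now(utc=true, fmt=asn1_fmt) }}"
        crl_days_left: >-
          {{ ((crl.next_update | to_datetime(asn1_fmt))
              - (now(utc=true, fmt=asn1_fmt) | to_datetime(asn1_fmt))).days }}

    # Fixed-width ASN.1 TIME strings sort chronologically, so a plain
    # string comparison is enough for the last_update check.
    - name: Fail when the CRL is not yet valid or too close to expiry
      ansible.builtin.assert:
        that:
          - crl.last_update <= now_utc
          - crl_days_left | int >= min_days_left
        fail_msg: "CRL {{ crl_path }} is not fresh: next_update={{ crl.next_update }}"

    - name: Report whether the serial is listed
      ansible.builtin.debug:
        msg: >-
          {{ ('revoked on ' ~ revoked_entry[0].revocation_date ~ ', reason: '
              ~ (revoked_entry[0].reason | default('none given', true)))
             if revoked_entry else 'serial not listed in this CRL' }}
```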
Authors
- Felix Fontein (@felixfontein)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/crypto/x509_crl_info_module.html