get_certificate – Get a certificate from a host:port
New in version 2.8.
Synopsis
- Makes a secure connection and returns information about the presented certificate
Requirements
The below requirements are needed on the host that executes this module.
- pyOpenSSL >= 0.15
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| ca_cert
path
|
A PEM file containing one or more root certificates; if present, the cert will be validated against these root certs.
Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it.
|
|
| host
string / required
|
The host to get the cert for (IP is fine)
|
|
| port
integer / required
|
The port to connect to
|
|
| timeout
integer
|
Default:
10
|
The timeout in seconds
|
Notes
Note
- When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
Examples
- name: Get the cert from an RDP port
get_certificate:
host: "1.2.3.4"
port: 3389
delegate_to: localhost
run_once: true
register: cert
- name: Get a cert from an https port
get_certificate:
host: "www.google.com"
port: 443
delegate_to: localhost
run_once: true
register: cert
- name: How many days until cert expires
debug:
msg: "cert expires in: {{ expire_days }} days."
vars:
expire_days: "{{ (( cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| cert
string
|
success |
The certificate retrieved from the port
|
| expired
boolean
|
success |
Boolean indicating if the cert is expired
|
| extensions
list
|
success |
Extensions applied to the cert
|
| issuer
dictionary
|
success |
Information about the issuer of the cert
|
| not_after
string
|
success |
Expiration date of the cert
|
| not_before
string
|
success |
Issue date of the cert
|
| serial_number
string
|
success |
The serial number of the cert
|
| signature_algorithm
string
|
success |
The algorithm used to sign the cert
|
| subject
dictionary
|
success |
Information about the subject of the cert (OU, CN, etc)
|
| version
string
|
success |
The version number of the certificate
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- John Westcott IV (@john-westcott-iv)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/get_certificate_module.html