community.crypto.x509_crl_info – Retrieve information on Certificate Revocation Lists (CRLs)
Note
This plugin is part of the community.crypto collection (version 1.9.6).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.crypto.
To use it in a playbook, specify: community.crypto.x509_crl_info.
New in version 1.0.0 of community.crypto
Synopsis
- This module allows one to retrieve information on Certificate Revocation Lists (CRLs).
Requirements
The below requirements are needed on the host that executes this module.
- cryptography >= 1.2
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| content (string) | | Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL. Either path or content must be specified, but not both. |
| list_revoked_certificates (boolean; added in 1.7.0 of community.crypto) | | If set to false, the list of revoked certificates is not included in the result. This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again. |
| path (path) | | Remote absolute path where the generated CRL file should be created or is already located. Either path or content must be specified, but not both. |
Notes
- All timestamp values are provided in ASN.1 TIME format, in other words, following the YYYYMMDDHHMMSSZ pattern. They are all in UTC.
- Supports check_mode.
See Also
- community.crypto.x509_crl: The official documentation on the community.crypto.x509_crl module.
Examples
- name: Get information on CRL
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: result
- name: Print the information
  ansible.builtin.debug:
    msg: "{{ result }}"
- name: Get information on CRL without list of revoked certificates
  community.crypto.x509_crl_info:
    path: /etc/ssl/very-large.crl
    list_revoked_certificates: false
  register: result
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description | Sample |
|---|---|---|---|
| digest (string) | success | The signature algorithm used to sign the CRL. | sha256WithRSAEncryption |
| format (string) | success | Whether the CRL is in PEM format (pem) or in DER format (der). | pem |
| issuer (dictionary) | success | The CRL's issuer. Note that for repeated values, only the last one will be returned. | {"organizationName": "Ansible", "commonName": "ca.example.com"} |
| issuer_ordered (list / elements=list) | success | The CRL's issuer as an ordered list of tuples. | [["organizationName", "Ansible"], ["commonName", "ca.example.com"]] |
| last_update (string) | success | The point in time from which this CRL can be trusted as ASN.1 TIME. | 20190413202428Z |
| next_update (string) | success | The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. | 20190413202428Z |
| revoked_certificates (list / elements=dictionary) | success if list_revoked_certificates=true | List of certificates to be revoked. | |

Fields of each entry in revoked_certificates:

| Key | Returned | Description | Sample |
|---|---|---|---|
| invalidity_date (string) | success | The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. | 20190413202428Z |
| invalidity_date_critical (boolean) | success | Whether the invalidity date extension is critical. | |
| issuer (list / elements=string) | success | The certificate's issuer. | ["DNS:ca.example.org"] |
| issuer_critical (boolean) | success | Whether the certificate issuer extension is critical. | |
| reason (string) | success | The value for the revocation reason extension. One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl. | key_compromise |
| reason_critical (boolean) | success | Whether the revocation reason extension is critical. | |
| revocation_date (string) | success | The point in time the certificate was revoked as ASN.1 TIME. | 20190413202428Z |
| serial_number (integer) | success | Serial number of the certificate. | 1234 |
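The return values above are enough to check that a CRL is current and to look up a certificate in it. The tasks below are an added example, not part of the module's documentation; the CRL path is reused from the Examples section, and the serial number 1234 and the variable names `crl`, `now_utc`, `cert_serial` and `revoked_match` are constructed for illustration.

```yaml
- name: Read the CRL, including the revoked entries
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: crl

- name: Refuse a CRL that is not yet valid or is past next_update
  ansible.builtin.assert:
    that:
      - crl.last_update <= now_utc
      - crl.next_update > now_utc
    fail_msg: >-
      CRL validity window {{ crl.last_update }} to {{ crl.next_update }}
      does not cover the current time {{ now_utc }}
  vars:
    # Fixed-width YYYYMMDDHHMMSSZ strings in UTC sort chronologically,
    # so a plain string comparison is a valid time comparison.
    now_utc: "{{ now(utc=true, fmt='%Y%m%d%H%M%SZ') }}"

- name: Look up one certificate serial number in the revoked list
  ansible.builtin.set_fact:
    revoked_match: >-
      {{ crl.revoked_certificates
         | selectattr('serial_number', 'equalto', cert_serial) | list }}
  vars:
    cert_serial: 1234  # constructed sample value

- name: Fail if that certificate has been revoked
  ansible.builtin.assert:
    that:
      - revoked_match | length == 0
    fail_msg: "Certificate is revoked: {{ revoked_match }}"

- name: List serial numbers revoked because of key compromise
  ansible.builtin.debug:
    msg: >-
      {{ crl.revoked_certificates
         | selectattr('reason', 'equalto', 'key_compromise')
         | map(attribute='serial_number') | list }}
```

The lookup tasks need the default behaviour of list_revoked_certificates; with it set to false, revoked_certificates is not returned and only the validity-window check applies.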
Authors
- Felix Fontein (@felixfontein)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/community/crypto/x509_crl_info_module.html