community.windows.win_certificate_info – Get information on certificates from a Windows Certificate Store
Note
This plugin is part of the community.windows collection (version 1.7.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.windows.
To use it in a playbook, specify: community.windows.win_certificate_info.
Synopsis
- Returns information about certificates in a Windows Certificate Store.
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| store_location (string) | | The location of the store to search. |
| store_name (string) | Default: "My" | The name of the store to search. See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename for a list of built-in store names. |
| thumbprint (string) | | The thumbprint as a hex string of a certificate to find. When specified, filters the certificates return value to a single certificate. See the examples for how to format the thumbprint. |

See Also
- ansible.windows.win_certificate_store: The official documentation on the ansible.windows.win_certificate_store module.

Examples
```yaml
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
  register: mycert

# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
  community.windows.win_certificate_info:
    thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
  register: mycert

- name: Obtain information about all certificates in the root store
  community.windows.win_certificate_info:
    store_name: Root
  register: ca

# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
  ansible.windows.win_certificate_store:
    path: C:\Temp\cert.pfx
    state: present
    # Placeholder value; in a real playbook supply the password from Ansible Vault rather than plain text
    password: VeryStrongPasswordHere!
  become: yes
  become_method: runas
  register: mycert

- name: Obtain information on each certificate that was touched
  community.windows.win_certificate_info:
    thumbprint: "{{ item }}"
  register: mycert_stats
  loop: "{{ mycert.thumbprints }}"
```

Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| certificates (list / elements=dictionary) | success | A list of information about certificates found in the store, sorted by thumbprint. Each element is a dictionary with the keys archived through version listed below. |
| archived (boolean) | success | Indicates that the certificate is archived. |
| cert_data (string) | success | The base64 encoded data of the entire certificate. |
| dns_names (list / elements=string) | success | Lists the registered DNS names for the certificate. Sample: ['*.m.wikiquote.org', '*.wikipedia.org'] |
| extensions (list / elements=dictionary) | success | The collection of the certificate's extensions. Sample: [{'critical': False, 'field': 'Subject Key Identifier', 'value': '88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7'}, {'critical': True, 'field': 'Basic Constraints', 'value': 'Subject Type=CA, Path Length Constraint=None'}, {'critical': False, 'field': 'Authority Key Identifier', 'value': 'KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e'}, {'critical': False, 'field': 'CRL Distribution Points', 'value': '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'}, {'critical': True, 'field': 'Key Usage', 'value': 'Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)'}, {'critical': False, 'field': None, 'value': '05 00'}] |
| friendly_name (string) | success | The associated alias for the certificate. Sample: Microsoft Root Authority |
| has_private_key (boolean) | success | Indicates that the certificate contains a private key. |
| intended_purposes (list / elements=string) | enhanced key usages extension exists. | Lists the intended applications for the certificate. Sample: ['Server Authentication'] |
| is_ca (boolean) | basic constraints extension exists. | Indicates that the certificate is a certificate authority (CA) certificate. Sample: True |
| issued_by (string) | success | The certificate issuer's common name. Sample: Apple Root CA |
| issued_to (string) | success | The certificate's common name. Sample: Apple Worldwide Developer Relations Certification Authority |
| issuer (string) | success | The certificate issuer's distinguished name. Sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US |
| key_usages (list / elements=string) | key usages extension exists. | Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose. Sample: ['CrlSign', 'KeyCertSign', 'DigitalSignature'] |
| path_length_constraint (integer) | basic constraints extension exists | The number of levels allowed in a certificate's path. If this value is 0, the certificate does not have a restriction. |
| public_key (string) | success | The base64 encoded public key of the certificate. |
| serial_number (string) | success | The serial number of the certificate represented as a hexadecimal string. Sample: 01DEBCC4396DA010 |
| signature_algorithm (string) | success | The algorithm used to create the certificate's signature. Sample: sha1RSA |
| ski (string) | subject key identifier extension exists. | The certificate's subject key identifier. Sample: 88271709A9B618608BECEBBAF64759C55254A3B7 |
| subject (string) | success | The certificate's distinguished name. Sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US |
| thumbprint (string) | success | The thumbprint as a hex string of the certificate. The return format will always be upper case. Sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 |
| valid_from (float) | success | The start date of the certificate represented in seconds since epoch. Sample: 1360255727 |
| valid_from_iso8601 (string) | success | The start date of the certificate represented as an ISO 8601 formatted date. Sample: 2017-12-15T08:39:32Z |
| valid_to (float) | success | The expiry date of the certificate represented in seconds since epoch. Sample: 1675788527 |
| valid_to_iso8601 (string) | success | The expiry date of the certificate represented as an ISO 8601 formatted date. Sample: 2086-01-02T08:39:32Z |
| version (integer) | success | The x509 format version of the certificate. Sample: 3 |
| exists (boolean) | success | Whether any certificates were found in the store. When thumbprint is specified, returns true only if the certificate matching the thumbprint exists. Sample: True |

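The tasks below are an added example, not part of the module's own documentation. They use the valid_to, signature_algorithm and has_private_key return values to audit the personal store for certificates that are close to expiry or signed with SHA-1. The registered variable my_store, the facts expiring_certs and sha1_certs, and the 30-day warn_days threshold are assumptions chosen for illustration.

```yaml
# Added example: variable names and the 30-day threshold are assumptions.
- name: Collect every certificate in the computer's personal store
  community.windows.win_certificate_info:
    store_name: My
  register: my_store

- name: Classify certificates by expiry and signature algorithm
  ansible.builtin.set_fact:
    # valid_to is seconds since epoch, so it is compared with the controller's clock
    expiring_certs: >-
      {{ my_store.certificates
         | selectattr('valid_to', 'lt', now().timestamp() + warn_days * 86400)
         | list }}
    # signature_algorithm is a name such as sha1RSA; match it case-insensitively
    sha1_certs: >-
      {{ my_store.certificates
         | selectattr('signature_algorithm', 'search', '(?i)sha1')
         | list }}
  vars:
    warn_days: 30

- name: Show certificates that expire within the threshold (or already have)
  ansible.builtin.debug:
    msg: "{{ item.thumbprint }} ({{ item.subject }}) expires {{ item.valid_to_iso8601 }}"
  loop: "{{ expiring_certs }}"
  loop_control:
    label: "{{ item.thumbprint }}"

- name: Fail when a certificate holding a private key is expiring or SHA-1 signed
  ansible.builtin.assert:
    that:
      - (expiring_certs + sha1_certs) | selectattr('has_private_key') | list | length == 0
    fail_msg: >-
      Replace these certificates:
      {{ (expiring_certs + sha1_certs) | selectattr('has_private_key')
         | map(attribute='thumbprint') | unique | join(', ') }}
```

The audit is scoped to the My store because the Root store routinely contains older self-signed roots whose signature algorithm is SHA-1, as the sha1RSA sample above shows.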
Authors
- Micah Hunsberger (@mhunsber)
 
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/community/windows/win_certificate_info_module.html