community.crypto.x509_crl_info – Retrieve information on Certificate Revocation Lists (CRLs)
Note
This plugin is part of the community.crypto collection (version 1.4.0).
To install it use: ansible-galaxy collection install community.crypto.
To use it in a playbook, specify: community.crypto.x509_crl_info.
New in version 1.0.0 of community.crypto
Synopsis
- This module allows one to retrieve information on Certificate Revocation Lists (CRLs).
Requirements
The below requirements are needed on the host that executes this module.
- cryptography >= 1.2
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| content string | | Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL. Either path or content must be specified, but not both. |
| path path | | Remote absolute path where the generated CRL file should be created or is already located. Either path or content must be specified, but not both. |
Notes
- All timestamp values are provided in ASN.1 TIME format, in other words, following the YYYYMMDDHHMMSSZ pattern. They are all in UTC.
- Supports check_mode.
See Also
- community.crypto.x509_crl: The official documentation on the community.crypto.x509_crl module.
Examples
```yaml
- name: Get information on CRL
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: result

- name: Print the information
  ansible.builtin.debug:
    msg: "{{ result }}"
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| digest string | success | The signature algorithm used to sign the CRL. Sample: sha256WithRSAEncryption |
| format string | success | Whether the CRL is in PEM format (pem) or in DER format (der). Sample: pem |
| issuer dictionary | success | The CRL's issuer. Note that for repeated values, only the last one will be returned. Sample: {"organizationName": "Ansible", "commonName": "ca.example.com"} |
| issuer_ordered list / elements=list | success | The CRL's issuer as an ordered list of tuples. Sample: [["organizationName", "Ansible"], ["commonName", "ca.example.com"]] |
| last_update string | success | The point in time from which this CRL can be trusted as ASN.1 TIME. Sample: 20190413202428Z |
| next_update string | success | The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Sample: 20190413202428Z |
| revoked_certificates list / elements=dictionary | success | List of certificates to be revoked. Each entry is a dictionary with the keys listed in the rows below (invalidity_date through serial_number). |
| invalidity_date string | success | The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Sample: 20190413202428Z |
| invalidity_date_critical boolean | success | Whether the invalidity date extension is critical. |
| issuer list / elements=string | success | The certificate's issuer. Sample: ["DNS:ca.example.org"] |
| issuer_critical boolean | success | Whether the certificate issuer extension is critical. |
| reason string | success | The value for the revocation reason extension. One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl. Sample: key_compromise |
| reason_critical boolean | success | Whether the revocation reason extension is critical. |
| revocation_date string | success | The point in time the certificate was revoked as ASN.1 TIME. Sample: 20190413202428Z |
| serial_number integer | success | Serial number of the certificate. Sample: 1234 |
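A playbook that acts on these return values, as an added example that is not part of the module's own documentation: it fails when the CRL is outside its last_update/next_update window or when a given serial number appears in revoked_certificates. The play layout, the `crl_path` and `serial_to_check` variables, and the sample serial are assumptions; the timestamp check relies on the fixed-width UTC YYYYMMDDHHMMSSZ format described in the Notes.

```yaml
# Added example, not from the module documentation.
# serial_to_check is a constructed sample value.
- name: Verify CRL freshness and look up a serial number
  hosts: localhost
  gather_facts: false
  vars:
    crl_path: /etc/ssl/my-ca.crl
    serial_to_check: 1234
  tasks:
    - name: Read the CRL
      community.crypto.x509_crl_info:
        path: "{{ crl_path }}"
      register: crl

    # ASN.1 TIME strings are fixed-width and always UTC, so plain
    # string comparison orders them chronologically.
    - name: Fail if the CRL is not yet valid or is past next_update
      ansible.builtin.assert:
        that:
          - crl.last_update <= now_asn1
          - crl.next_update > now_asn1
        fail_msg: >-
          CRL {{ crl_path }} is outside its validity window
          (last_update={{ crl.last_update }},
          next_update={{ crl.next_update }}, now={{ now_asn1 }})
      vars:
        now_asn1: "{{ now(utc=true, fmt='%Y%m%d%H%M%SZ') }}"

    # serial_number is returned as an integer, so compare against an integer.
    - name: Collect CRL entries for the serial number
      ansible.builtin.set_fact:
        matches: >-
          {{ crl.revoked_certificates
             | selectattr('serial_number', 'equalto', serial_to_check | int)
             | list }}

    # "when" is evaluated first, so msg is only templated if a match exists.
    - name: Fail if the certificate is revoked
      ansible.builtin.fail:
        msg: >-
          Serial {{ serial_to_check }} was revoked on
          {{ matches[0].revocation_date }} (reason: {{ matches[0].reason }})
      when: matches | length > 0
```

A CRL past its next_update should be treated as a failure rather than as "nothing revoked", which is why the freshness check runs before the serial lookup.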
Authors
- Felix Fontein (@felixfontein)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/crypto/x509_crl_info_module.html