New in version 2.8.
select_crypto_backend
)The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
path
path
/ required
|
Remote absolute path where the CSR file is loaded from.
|
|
select_crypto_backend
string
|
|
Determines which crypto backend to use.
The default choice is
auto , which tries to use cryptography if available, and falls back to pyopenssl .If set to
pyopenssl , will try to use the pyOpenSSL library.If set to
cryptography , will try to use the cryptography library. |
See also
- name: Generate an OpenSSL Certificate Signing Request
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
- name: Get information on the CSR
openssl_csr_info:
path: /etc/ssl/csr/www.ansible.com.csr
register: result
- name: Dump information
debug:
var: result
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
basic_constraints
list
|
success |
Entries in the
basic_constraints extension, or none if extension is not present.Sample:
[CA:TRUE, pathlen:1]
|
|
basic_constraints_critical
boolean
|
success |
Whether the
basic_constraints extension is critical. |
|
extended_key_usage
list
|
success |
Entries in the
extended_key_usage extension, or none if extension is not present.Sample:
[Biometric Info, DVCS, Time Stamping]
|
|
extended_key_usage_critical
boolean
|
success |
Whether the
extended_key_usage extension is critical. |
|
extensions_by_oid
complex
|
success |
Returns a dictionary for every extension OID
Sample:
{"1.3.6.1.5.5.7.1.24": { "critical": false, "value": "MAMCAQU="}}
|
|
critical
boolean
|
success |
Whether the extension is critical.
|
|
value
string
|
success |
The Base64 encoded value (in DER format) of the extension
Sample:
MAMCAQU=
|
|
key_usage
string
|
success |
Entries in the
key_usage extension, or none if extension is not present.Sample:
[Key Agreement, Data Encipherment]
|
|
key_usage_critical
boolean
|
success |
Whether the
key_usage extension is critical. |
|
ocsp_must_staple
boolean
|
success |
yes if the OCSP Must Staple extension is present, none otherwise. |
|
ocsp_must_staple_critical
boolean
|
success |
Whether the
ocsp_must_staple extension is critical. |
|
public_key
string
|
success |
CSR's public key in PEM format
Sample:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A...
|
|
public_key_fingerprints
dictionary
|
success |
Fingerprints of CSR's public key.
For every hash algorithm available, the fingerprint is computed.
Sample:
{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1...
|
|
signature_valid
boolean
|
success |
Whether the CSR's signature is valid.
In case the check returns
no , the module will fail. |
|
subject
dictionary
|
success |
The CSR's subject.
Sample:
{"commonName": "www.example.com", "emailAddress": "test@example.com"}
|
|
subject_alt_name
list
|
success |
Entries in the
subject_alt_name extension, or none if extension is not present.Sample:
[DNS:www.ansible.com, IP:1.2.3.4]
|
|
subject_alt_name_critical
boolean
|
success |
Whether the
subject_alt_name extension is critical. |
Hint
If you notice any issues in this documentation you can edit this document to improve it.