openssl_csr_info: Provide information of OpenSSL Certificate Signing Requests (CSR)
ansible.builtin.openssl_csr_info (v2.8.18), module
Added in version 2.8 of ansible.builtin
Authors: Felix Fontein (@felixfontein), Yanis Guenane (@Spredzy)
Status: preview | supported by community
Install with pip install ansible==2.8.18
This module allows one to query information on OpenSSL Certificate Signing Requests (CSR).
In case the CSR signature cannot be validated, the module will fail. In this case, all return variables are still returned.
It uses the pyOpenSSL or cryptography Python library to interact with OpenSSL. If both the cryptography and pyOpenSSL libraries are available (and meet the minimum version requirements), cryptography is preferred as the backend over pyOpenSSL, unless the backend is forced with C(select_crypto_backend).
- name: Generate an OpenSSL Certificate Signing Request
  openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com

- name: Get information on the CSR
  openssl_csr_info:
    path: /etc/ssl/csr/www.ansible.com.csr
  register: result

- name: Dump information
  debug:
    var: result
path:
  description:
    - Remote absolute path where the CSR file is loaded from.
  required: true
  type: path
select_crypto_backend:
  choices:
    - auto
    - cryptography
    - pyopenssl
  default: auto
  description:
    - Determines which crypto backend to use.
    - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
    - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
    - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
  type: str
basic_constraints:
  description: Entries in the C(basic_constraints) extension, or C(none) if extension is not present.
  returned: success
  sample: '[CA:TRUE, pathlen:1]'
  type: list
basic_constraints_critical:
  description: Whether the C(basic_constraints) extension is critical.
  returned: success
  type: bool
extended_key_usage:
  description: Entries in the C(extended_key_usage) extension, or C(none) if extension is not present.
  returned: success
  sample: '[Biometric Info, DVCS, Time Stamping]'
  type: list
extended_key_usage_critical:
  description: Whether the C(extended_key_usage) extension is critical.
  returned: success
  type: bool
extensions_by_oid:
  contains:
    critical:
      description: Whether the extension is critical.
      returned: success
      type: bool
    value:
      description: The Base64 encoded value (in DER format) of the extension
      returned: success
      sample: MAMCAQU=
      type: str
  description: Returns a dictionary for every extension OID
  returned: success
  sample: '{"1.3.6.1.5.5.7.1.24": { "critical": false, "value": "MAMCAQU="}}'
  type: complex
key_usage:
  description: Entries in the C(key_usage) extension, or C(none) if extension is not present.
  returned: success
  sample: '[Key Agreement, Data Encipherment]'
  type: str
key_usage_critical:
  description: Whether the C(key_usage) extension is critical.
  returned: success
  type: bool
ocsp_must_staple:
  description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.
  returned: success
  type: bool
ocsp_must_staple_critical:
  description: Whether the C(ocsp_must_staple) extension is critical.
  returned: success
  type: bool
public_key:
  description: CSR's public key in PEM format
  returned: success
  sample: '-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A...'
  type: str
public_key_fingerprints:
  description:
    - Fingerprints of CSR's public key.
    - For every hash algorithm available, the fingerprint is computed.
  returned: success
  sample: '{''sha256'': ''d4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63'', ''sha512'': ''f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1...'
  type: dict
signature_valid:
  description:
    - Whether the CSR's signature is valid.
    - In case the check returns C(no), the module will fail.
  returned: success
  type: bool
subject:
  description: The CSR's subject.
  returned: success
  sample: '{"commonName": "www.example.com", "emailAddress": "test@example.com"}'
  type: dict
subject_alt_name:
  description: Entries in the C(subject_alt_name) extension, or C(none) if extension is not present.
  returned: success
  sample: '[DNS:www.ansible.com, IP:1.2.3.4]'
  type: list
subject_alt_name_critical:
  description: Whether the C(subject_alt_name) extension is critical.
  returned: success
  type: bool
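
One way to use the return values listed above as a policy check before a CSR is handed to a CA. This is an added example, not part of the module documentation; the ca_host group, the csr_path value and both allowlists are assumptions, and the string forms compared against (CA:TRUE, DNS:...) follow the samples shown on this page.

```yaml
# Added example: gate a CSR on the values openssl_csr_info returns.
# Assumptions (not from the module documentation): the ca_host group,
# the csr_path value and both allowlists below.
- hosts: ca_host
  gather_facts: false
  vars:
    csr_path: /etc/ssl/csr/www.ansible.com.csr
    allowed_sans:
      - "DNS:www.ansible.com"
      - "DNS:ansible.com"
    allowed_extension_oids:
      - "2.5.29.15"   # keyUsage
      - "2.5.29.17"   # subjectAltName
      - "2.5.29.19"   # basicConstraints
      - "2.5.29.37"   # extendedKeyUsage
  tasks:
    # The module fails on an invalid signature, so the play stops here for
    # this host before any policy check runs.
    - name: Get information on the CSR
      openssl_csr_info:
        path: "{{ csr_path }}"
      register: csr

    # An absent extension is returned as none, so test for that first.
    - name: Reject a request for CA rights
      assert:
        that:
          - "csr.basic_constraints is none or 'CA:TRUE' not in csr.basic_constraints"
        fail_msg: "CSR asks for CA:TRUE in basic_constraints"

    - name: Require a SAN extension that lists only expected names
      assert:
        that:
          - csr.subject_alt_name is not none
          - csr.subject_alt_name | difference(allowed_sans) | length == 0
        fail_msg: "Unexpected or missing subject_alt_name entries: {{ csr.subject_alt_name }}"

    # extensions_by_oid is keyed by OID, so its key list shows every
    # extension in the request, including ones with no dedicated field.
    - name: Reject extensions the policy does not cover
      assert:
        that:
          - csr.extensions_by_oid | list | difference(allowed_extension_oids) | length == 0
        fail_msg: "Unhandled extension OIDs: {{ csr.extensions_by_oid | list }}"
```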