XLAB Steampunk logo Try Spotter
 / home / ansible / ansible.builtin / v2.8.20 / module / get_certificate

ansible.builtin.get_certificate (v2.8.20) — module

Get a certificate from a host:port

| "added in version" 2.8 of ansible.builtin"

Authors: John Westcott IV (@john-westcott-iv)

preview | supported by community

Install Ansible via pip | Description | Requirements | Usage examples | Inputs | Outputs

Install Ansible via pip

Install with pip install ansible==2.8.20

Description

Makes a secure connection and returns information about the presented certificate


Requirements

Usage examples

Scanned by Steampunk Spotter
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: Get the cert from an RDP port
  get_certificate:
    host: "1.2.3.4"
    port: 3389
  delegate_to: localhost
  run_once: true
  register: cert
Scanned by Steampunk Spotter
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: Get a cert from an https port
  get_certificate:
    host: "www.google.com"
    port: 443
  delegate_to: localhost
  run_once: true
  register: cert
Scanned by Steampunk Spotter
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: How many days until cert expires
  debug:
    msg: "cert expires in: {{ expire_days }} days."
  vars:
    expire_days: "{{ (( cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"

Inputs

    
host:
    description:
    - The host to get the cert for (IP is fine)
    required: true
    type: str

port:
    description:
    - The port to connect to
    required: true
    type: int

ca_cert:
    description:
    - A PEM file containing one or more root certificates; if present, the cert will be
      validated against these root certs.
    - Note that this only validates the certificate is signed by the chain; not that the
      cert is valid for the host presenting it.
    type: path

timeout:
    default: 10
    description:
    - The timeout in seconds
    type: int

Outputs

cert:
  description: The certificate retrieved from the port
  returned: success
  type: str
expired:
  description: Boolean indicating if the cert is expired
  returned: success
  type: bool
extensions:
  description: Extensions applied to the cert
  returned: success
  type: list
issuer:
  description: Information about the issuer of the cert
  returned: success
  type: dict
not_after:
  description: Expiration date of the cert
  returned: success
  type: str
not_before:
  description: Issue date of the cert
  returned: success
  type: str
serial_number:
  description: The serial number of the cert
  returned: success
  type: str
signature_algorithm:
  description: The algorithm used to sign the cert
  returned: success
  type: str
subject:
  description: Information about the subject of the cert (OU, CN, etc)
  returned: success
  type: dict
version:
  description: The version number of the certificate
  returned: success
  type: str
Got feedback? steampunk@xlab.si | © 2024. All rights reserved.
Cookie policy-Privacy policy-Terms of use-Security policy