ansible.builtin.java_cert (v2.9.27) — module

Uses keytool to import/remove key from java keystore (cacerts)

Added in version 2.3 of ansible.builtin

Authors: Adam Hamsik (@haad)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

This is a wrapper module around keytool, which can be used to import/remove certificates from a given java keystore.

Usage examples

- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present
- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present
- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present
- name: Import SSL certificate to JCEKS keystore
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    pkcs12_alias: default
    pkcs12_password: somepass
    cert_alias: default
    keystore_path: /opt/someapp/security/keystore.jceks
    keystore_type: "JCEKS"
    keystore_pass: changeit
    keystore_create: yes
    state: present

Inputs

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Defines the action: certificate import (present) or removal (absent).
    type: str

cert_url:
    description:
    - Basic URL to fetch SSL certificate from.
    - One of C(cert_url) or C(cert_path) is required to load the certificate.
    type: str

cert_path:
    description:
    - Local path to load certificate from.
    - One of C(cert_url) or C(cert_path) is required to load the certificate.
    type: path

cert_port:
    default: 443
    description:
    - Port to connect to on the host given in C(cert_url).
    - Combined with C(cert_url) to form the server address URL:PORT.
    type: int

cert_alias:
    description:
    - Imported certificate alias.
    - The alias is used when checking for the presence of a certificate in the keystore.
    type: str

executable:
    default: keytool
    description:
    - Path to the keytool binary; if not set, keytool is looked up in PATH.
    type: str

pkcs12_path:
    description:
    - Local path to load PKCS12 keystore from.
    type: path
    version_added: '2.4'
    version_added_collection: ansible.builtin

pkcs12_alias:
    description:
    - Alias in the PKCS12 keystore.
    type: str
    version_added: '2.4'
    version_added_collection: ansible.builtin

keystore_pass:
    description:
    - Keystore password.
    required: true
    type: str

keystore_path:
    description:
    - Path to keystore.
    type: path

keystore_type:
    description:
    - Keystore type (JCEKS, JKS).
    type: str
    version_added: '2.8'
    version_added_collection: ansible.builtin

keystore_create:
    description:
    - Create keystore if it does not exist.
    type: bool

pkcs12_password:
    default: ''
    description:
    - Password for importing from PKCS12 keystore.
    type: str
    version_added: '2.4'
    version_added_collection: ansible.builtin
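The parameters above describe a three-step flow that the module drives through keytool: list the keystore to see whether C(cert_alias) is already present, then import (state=present) or delete (state=absent) only when needed, refusing to proceed if the keystore is missing and C(keystore_create) is not set. The following is an added example written for this page, not the module's own source, that mirrors that flow in Python. It assumes keytool is on PATH (or passed as executable), a JKS or JCEKS keystore, and a PEM certificate file for the cert_path case; the keytool -list -v output and the PEM in it are constructed sample data, not real certificates. It also adds the check a practitioner would want alongside cert_url: a certificate fetched live from the network is trusted on first use, so the example compares a vetted SHA256 fingerprint (the expected_sha256 parameter, an assumption of this example) against the file before anything touches the keystore.

```python
"""Added example, not java_cert's source: the check / import / remove flow the
module wraps around keytool, plus a fingerprint pin before import.
Assumes keytool on PATH, a JKS/JCEKS keystore and a PEM file for cert_path.
"""
import base64
import hashlib
import os
import re
import subprocess
import sys
from typing import Dict, List, Optional

# Constructed `keytool -list -v` output (two trusted entries, fake fingerprints).
SAMPLE_LIST_OUTPUT = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: example-ca
Creation date: Jan 1, 2024
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example
Certificate fingerprints:
\t SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
\t SHA256: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00

Alias name: internal-app
Creation date: Jan 2, 2024
Entry type: trustedCertEntry

Owner: CN=internal-app.example, O=Example
Certificate fingerprints:
\t SHA256: AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99
"""


def parse_keytool_list(output: str) -> Dict[str, Optional[str]]:
    """Map each alias in `keytool -list -v` output to its SHA256 fingerprint."""
    entries: Dict[str, Optional[str]] = {}
    alias: Optional[str] = None
    for line in output.splitlines():
        m = re.match(r"Alias name:\s*(.+?)\s*$", line)
        if m:
            alias = m.group(1)
            entries[alias] = None
            continue
        m = re.match(r"\s*SHA256:\s*([0-9A-Fa-f:]+)\s*$", line)
        if m and alias is not None:
            entries[alias] = m.group(1).upper()
    return entries


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA256 of DER bytes, the format keytool prints."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())


def pem_fingerprint(pem: str) -> str:
    """Fingerprint of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block in PEM input")
    return sha256_fingerprint(base64.b64decode("".join(m.group(1).split())))


def pem_from_der(der: bytes) -> str:
    """PEM armour around DER bytes; used only to build constructed sample input."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


SAMPLE_DER = b"constructed-der-bytes-not-a-real-certificate"  # constructed, not a cert
SAMPLE_PEM = pem_from_der(SAMPLE_DER)


def keytool_cmd(executable: str, action: str, keystore: str, password: str, alias: str,
                keystore_type: Optional[str] = None, extra: Optional[List[str]] = None) -> List[str]:
    """Build the keytool argv (this is what the module's `cmd` output reports)."""
    cmd = [executable, action, "-keystore", keystore, "-storepass", password, "-alias", alias]
    if keystore_type:
        cmd += ["-storetype", keystore_type]  # JKS or JCEKS, as keystore_type above
    return cmd + list(extra or [])


def run(cmd: List[str]) -> subprocess.CompletedProcess:
    return subprocess.run(cmd, capture_output=True, text=True, check=False)


def ensure_cert(keystore: str, password: str, alias: str, state: str, cert_path: Optional[str] = None,
                expected_sha256: Optional[str] = None, keystore_create: bool = False,
                executable: str = "keytool", keystore_type: Optional[str] = None) -> dict:
    """Idempotent present/absent handling; returns an Ansible-style result dict."""
    if not os.path.exists(keystore):
        if state == "absent":
            return {"changed": False, "rc": 0, "msg": f"no keystore at {keystore}"}
        if not keystore_create:  # same refusal the module reports in its msg output
            return {"failed": True, "rc": 1, "msg": f"no keystore at {keystore} and keystore_create is off"}
        present = False
    else:
        listed = run(keytool_cmd(executable, "-list", keystore, password, alias, keystore_type, ["-v"]))
        present = listed.returncode == 0 and alias in parse_keytool_list(listed.stdout)
    if state == "absent":
        if not present:
            return {"changed": False, "rc": 0}
        proc = run(keytool_cmd(executable, "-delete", keystore, password, alias, keystore_type))
    elif state == "present":
        if present:
            return {"changed": False, "rc": 0}
        if cert_path is None:
            raise ValueError("this example imports from cert_path only")
        with open(cert_path, encoding="ascii") as fh:
            actual = pem_fingerprint(fh.read())
        # Pin check before the keystore is touched: refuse an unexpected certificate.
        if expected_sha256 and actual != expected_sha256.upper():
            raise ValueError(f"fingerprint mismatch for {cert_path}: {actual}")
        proc = run(keytool_cmd(executable, "-importcert", keystore, password, alias, keystore_type,
                               ["-noprompt", "-file", cert_path]))
    else:
        raise ValueError("state must be 'present' or 'absent'")
    return {"changed": proc.returncode == 0, "failed": proc.returncode != 0,
            "rc": proc.returncode, "cmd": proc.args, "msg": proc.stdout + proc.stderr}


if __name__ == "__main__":  # usage: script.py KEYSTORE PASS ALIAS present|absent [CERT.pem]
    ks, pw, al, st = sys.argv[1:5]
    print(ensure_cert(ks, pw, al, st, cert_path=sys.argv[5] if len(sys.argv) > 5 else None,
                      keystore_create=True))
```

Two design points carry over to the module itself: the alias, not the certificate content, is what decides idempotency (so re-importing a renewed certificate under an existing alias is a no-op until you set state=absent first), and -storepass on the argv is visible to other local users via the process list while keytool runs, which is why the keystore password should be scoped to a dedicated keystore rather than reused.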

Outputs

cmd:
  description: The keytool command that was executed to perform the action.
  returned: success
  sample: keytool -importcert -noprompt -keystore
  type: str
msg:
  description: Standard output of the keytool command after execution.
  returned: success
  sample: Module require existing keystore at keystore_path '/tmp/test/cacerts'
  type: str
rc:
  description: Return code of the keytool command.
  returned: success
  sample: '0'
  type: int