community.crypto.get_certificate (0.1.0) — module
Get a certificate from a host:port
Authors: John Westcott IV (@john-westcott-iv)
preview | supported by community
Install with ansible-galaxy collection install community.crypto:==0.1.0
collections:
  - name: community.crypto
    version: 0.1.0
Makes a secure connection and returns information about the presented certificate.
The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the select_crypto_backend option. Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13.
- name: Get the cert from an RDP port
  get_certificate:
    host: "1.2.3.4"
    port: 3389
  delegate_to: localhost
  run_once: true
  register: cert

- name: Get a cert from an https port
  get_certificate:
    host: "www.google.com"
    port: 443
  delegate_to: localhost
  run_once: true
  register: cert

- name: How many days until cert expires
  debug:
    msg: "cert expires in: {{ expire_days }} days."
  vars:
    expire_days: "{{ (( cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"
host:
  description:
    - The host to get the cert for (IP is fine)
  required: true
  type: str
port:
  description:
    - The port to connect to
  required: true
  type: int
ca_cert:
  description:
    - A PEM file containing one or more root certificates; if present, the cert will be validated against these root certs.
    - Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it.
  type: path
timeout:
  default: 10
  description:
    - The timeout in seconds
  type: int
proxy_host:
  description:
    - Proxy host used when getting a certificate.
  type: str
proxy_port:
  default: 8080
  description:
    - Proxy port used when getting a certificate.
  type: int
select_crypto_backend:
  choices:
    - auto
    - cryptography
    - pyopenssl
  default: auto
  description:
    - Determines which crypto backend to use.
    - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
    - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
    - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
  type: str
cert:
  description: The certificate retrieved from the port
  returned: success
  type: str
expired:
  description: Boolean indicating if the cert is expired
  returned: success
  type: bool
extensions:
  contains:
    asn1_data:
      description: The Base64 encoded ASN.1 content of the extension.
      returned: success
      type: str
    critical:
      description: Whether the extension is critical.
      returned: success
      type: bool
    name:
      description: The extension's name.
      returned: success
      type: str
  description: Extensions applied to the cert
  elements: dict
  returned: success
  type: list
issuer:
  description: Information about the issuer of the cert
  returned: success
  type: dict
not_after:
  description: Expiration date of the cert
  returned: success
  type: str
not_before:
  description: Issue date of the cert
  returned: success
  type: str
serial_number:
  description: The serial number of the cert
  returned: success
  type: str
signature_algorithm:
  description: The algorithm used to sign the cert
  returned: success
  type: str
subject:
  description: Information about the subject of the cert (OU, CN, etc)
  returned: success
  type: dict
version:
  description: The version number of the certificate
  returned: success
  type: str
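
The ca_cert option only validates the chain, not that the certificate is valid for the host, so that check has to be made on the returned extensions. The Python below is an added example, not part of the module or its documentation: it decodes the subjectAltName entry of a registered result and matches a hostname against its DNS names. It assumes the extension is reported under the name subjectAltName and that asn1_data is the base64 of the DER-encoded extension value; the function names and SAMPLE_RESULT are constructed for illustration.

```python
import base64

def der_items(buf):
    """Yield (tag, value) for each definite-length DER TLV in buf."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits give the count of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[i:i + length]
        i += length

def san_dns_names(result):
    """Return the dNSName entries of the subjectAltName extension, lowercased."""
    for ext in result.get("extensions", []):
        if ext["name"] == "subjectAltName":  # assumed name as reported by the module
            (tag, seq), = der_items(base64.b64decode(ext["asn1_data"]))
            if tag != 0x30:  # GeneralNames must be a SEQUENCE
                raise ValueError("subjectAltName is not a SEQUENCE")
            # 0x82 is context tag [2], dNSName; iPAddress ([7]) is not handled here
            return [v.decode("ascii").lower() for t, v in der_items(seq) if t == 0x82]
    return []

def host_matches(hostname, pattern):
    """Exact match, or a leftmost '*' label standing in for exactly one label."""
    host, pat = hostname.lower().rstrip(".").split("."), pattern.split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def cert_valid_for(result, hostname):
    """True if any SAN dNSName in a get_certificate result covers hostname."""
    return any(host_matches(hostname, p) for p in san_dns_names(result))

# Constructed sample shaped like the module's return value (not real output).
def _dns(name):
    return bytes([0x82, len(name)]) + name.encode("ascii")
_san = _dns("www.example.com") + _dns("*.example.org")
SAMPLE_RESULT = {"extensions": [{"name": "subjectAltName", "critical": False,
    "asn1_data": base64.b64encode(bytes([0x30, len(_san)]) + _san).decode()}]}
```

A target addressed by IP (which the host option allows) is not covered by this DNS-name check and returns False.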