community / community.crypto / 2.18.0 / filter / x509_crl_info Retrieve information from X.509 CRLs in PEM format | "added in version" 2.10.0 of community.crypto" Authors: Felix Fontein (@felixfontein)community.crypto.x509_crl_info (2.18.0) — filter
Install with ansible-galaxy collection install community.crypto:==2.18.0
collections: - name: community.crypto version: 2.18.0
Provided a X.509 crl in PEM format, retrieve information.
This is a filter version of the M(community.crypto.x509_crl_info) module.
- name: Show the Organization Name of the CRL's subject ansible.builtin.debug: msg: >- {{ ( lookup('ansible.builtin.file', '/path/to/cert.pem') | community.crypto.x509_crl_info ).issuer.organizationName }}
_input: description: - The content of the X.509 CRL in PEM format. required: true type: string name_encoding: choices: - ignore - idna - unicode default: ignore description: - How to encode names (DNS names, URIs, email addresses) in return values. - V(ignore) will use the encoding returned by the backend. - V(idna) will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails. - V(unicode) will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails. - B(Note) that V(idna) and V(unicode) require the L(idna Python library,https://pypi.org/project/idna/) to be installed. type: str list_revoked_certificates: default: true description: - If set to V(false), the list of revoked certificates is not included in the result. - This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again. type: bool version_added: 1.7.0 version_added_collection: community.crypto
_value: contains: digest: description: The signature algorithm used to sign the CRL. returned: success sample: sha256WithRSAEncryption type: str format: choices: - pem - der description: - Whether the CRL is in PEM format (V(pem)) or in DER format (V(der)). returned: success sample: pem type: str issuer: description: - The CRL's issuer. - Note that for repeated values, only the last one will be returned. - See O(name_encoding) for how IDNs are handled. returned: success sample: commonName: ca.example.com organizationName: Ansible type: dict issuer_ordered: description: The CRL's issuer as an ordered list of tuples. elements: list returned: success sample: - - organizationName - Ansible - - commonName: ca.example.com type: list last_update: description: The point in time from which this CRL can be trusted as ASN.1 TIME. returned: success sample: 20190413202428Z type: str next_update: description: The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. returned: success sample: 20190413202428Z type: str revoked_certificates: contains: invalidity_date: description: 'The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. ' sample: 20190413202428Z type: str invalidity_date_critical: description: Whether the invalidity date extension is critical. sample: false type: bool issuer: description: - The certificate's issuer. - See O(name_encoding) for how IDNs are handled. elements: str sample: - DNS:ca.example.org type: list issuer_critical: description: Whether the certificate issuer extension is critical. sample: false type: bool reason: choices: - unspecified - key_compromise - ca_compromise - affiliation_changed - superseded - cessation_of_operation - certificate_hold - privilege_withdrawn - aa_compromise - remove_from_crl description: - The value for the revocation reason extension. sample: key_compromise type: str reason_critical: description: Whether the revocation reason extension is critical. sample: false type: bool revocation_date: description: The point in time the certificate was revoked as ASN.1 TIME. sample: 20190413202428Z type: str serial_number: description: - Serial number of the certificate. - This return value is an B(integer). If you need the serial numbers as a colon-separated hex string, such as C(11:22:33), you need to convert it to that form with P(community.crypto.to_serial#filter). sample: 1234 type: int description: List of certificates to be revoked. elements: dict returned: success if O(list_revoked_certificates=true) type: list description: - Information on the CRL. type: dict