community.general.java_cert (0.2.1) — module

Uses keytool to import/remove keys and certificates from a Java keystore (cacerts)

Authors: Adam Hamsik (@haad)

Install collection

Install with ansible-galaxy collection install community.general:==0.2.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.2.1

Description

This is a wrapper module around keytool, which can be used to import certificates into, or remove them from, a given Java keystore.

Usage examples

- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present
- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent
- name: Import trusted CA from SSL certificate
  java_cert:
    cert_path: /opt/certs/rootca.crt
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present
    cert_alias: LE_RootCA
    trust_cacert: True
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present
- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present
- name: Import SSL certificate to JCEKS keystore
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    pkcs12_alias: default
    pkcs12_password: somepass
    cert_alias: default
    keystore_path: /opt/someapp/security/keystore.jceks
    keystore_type: "JCEKS"
    keystore_pass: changeit
    keystore_create: yes
    state: present
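The cert_url form above imports whatever certificate the remote host presents at fetch time, so a practitioner usually pins its fingerprint and checks the keystore afterwards. The following is an added example, not code from the community.general collection: it computes the SHA-256 fingerprint of a PEM certificate in the colon-separated form keytool prints, parses a "keytool -list -v" dump, and confirms that the alias (cert_alias, which keytool stores lower-cased) carries the pinned fingerprint. The PEM and the keytool listing embedded below are constructed placeholders, not real data.

```python
# Added example, not part of the community.general collection. It pins the
# certificate java_cert would import: compute the SHA-256 fingerprint of a PEM
# certificate in keytool's colon-separated form, then check that the alias in a
# "keytool -list -v" dump carries that same fingerprint before trusting it.
import hashlib
import hmac
import ssl
import subprocess


def fingerprint_sha256(pem: str) -> str:
    """Keytool-style SHA-256 fingerprint (upper-case hex, colon separated) of a PEM cert."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_keytool_list(output: str) -> dict:
    """Map alias -> SHA-256 fingerprint from the verbose listing keytool prints."""
    found, alias = {}, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("SHA256:") and alias is not None:
            found[alias] = line.split(":", 1)[1].strip()
            alias = None
    return found


def alias_has_fingerprint(output: str, alias: str, expected: str) -> bool:
    """True if ALIAS is listed with EXPECTED (case/colon-insensitive, constant-time compare)."""
    norm = lambda fp: fp.replace(":", "").upper()
    actual = parse_keytool_list(output).get(alias.lower())  # keytool stores aliases lower-case
    return actual is not None and hmac.compare_digest(norm(actual), norm(expected))


def keytool_list(keystore_path: str, keystore_pass: str, executable: str = "keytool") -> str:
    """Run the real keytool with the same inputs the module takes; not used by the demo below."""
    cmd = [executable, "-list", "-v", "-keystore", keystore_path, "-storepass", keystore_pass]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


# Constructed placeholder: the body is base64("abc"), not a real certificate, so the
# expected fingerprint is simply SHA-256("abc") and can be checked by hand.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
# Constructed keytool listing for the LE_RootCA alias from the docs, carrying that fingerprint.
SAMPLE_LIST_OUTPUT = """Alias name: le_rootca
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA256: BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD
"""

if __name__ == "__main__":
    pinned = fingerprint_sha256(SAMPLE_PEM)
    print(pinned, alias_has_fingerprint(SAMPLE_LIST_OUTPUT, "LE_RootCA", pinned))
```

In a playbook the same check runs as a task after java_cert, feeding the stdout of keytool_list (or a command task running keytool -list -v) to alias_has_fingerprint with the operator's pinned value.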

Inputs

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Defines the action to take: certificate import (present) or removal (absent).
    type: str

cert_url:
    description:
    - Basic URL to fetch SSL certificate from.
    - One of C(cert_url) or C(cert_path) is required to load certificate.
    type: str

cert_path:
    description:
    - Local path to load certificate from.
    - One of C(cert_url) or C(cert_path) is required to load certificate.
    type: path

cert_port:
    default: 443
    description:
    - Port to connect to on the host given in C(cert_url).
    - Combined with C(cert_url) to form the server address URL:PORT.
    type: int

cert_alias:
    description:
    - Imported certificate alias.
    - The alias is used when checking for the presence of a certificate in the keystore.
    type: str

executable:
    default: keytool
    description:
    - Path to the keytool binary. If not set, keytool is searched for in PATH.
    type: str

pkcs12_path:
    description:
    - Local path to load PKCS12 keystore from.
    type: path

pkcs12_alias:
    description:
    - Alias in the PKCS12 keystore.
    type: str

trust_cacert:
    default: false
    description:
    - Trust the imported certificate as a CA certificate.
    type: bool
    version_added: 0.2.0
    version_added_collection: community.general

keystore_pass:
    description:
    - Keystore password.
    required: true
    type: str

keystore_path:
    description:
    - Path to keystore.
    type: path

keystore_type:
    description:
    - Keystore type (JCEKS, JKS).
    type: str

keystore_create:
    description:
    - Create keystore if it does not exist.
    type: bool

pkcs12_password:
    default: ''
    description:
    - Password for importing from PKCS12 keystore.
    type: str

Outputs

cmd:
  description: Command executed to perform the requested action.
  returned: success
  sample: keytool -importcert -noprompt -keystore
  type: str
msg:
  description: Standard output of the keytool command after it was executed.
  returned: success
  sample: Module require existing keystore at keystore_path '/tmp/test/cacerts'
  type: str
rc:
  description: Return code of the keytool command.
  returned: success
  sample: '0'
  type: int