Try SpotterGet information on certificates from a Windows Certificate Store
Authors: Micah Hunsberger (@mhunsber)
Install with ansible-galaxy collection install community.windows:==2.2.0
collections:
- name: community.windows
version: 2.2.0Returns information about certificates in a Windows Certificate Store.
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27
register: mycert
# thumbprint can also be lower case
- name: Obtain information about a particular certificate in the computer's personal store
community.windows.win_certificate_info:
thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27
register: mycert
- name: Obtain information about all certificates in the root store
community.windows.win_certificate_info:
store_name: Root
register: ca
# Import a pfx and then get information on the certificates
- name: Import pfx certificate that is password protected
ansible.windows.win_certificate_store:
path: C:\Temp\cert.pfx
state: present
password: VeryStrongPasswordHere!
become: yes
become_method: runas
register: mycert
- name: Obtain information on each certificate that was touched
community.windows.win_certificate_info:
thumbprint: "{{ item }}"
register: mycert_stats
loop: "{{ mycert.thumbprints }}"
store_name:
default: My
description:
- The name of the store to search.
- See U(https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename)
for a list of built-in store names.
type: str
thumbprint:
description:
- The thumbprint as a hex string of a certificate to find.
- When specified, filters the I(certificates) return value to a single certificate
- See the examples for how to format the thumbprint.
required: false
type: str
store_location:
choices:
- CurrentUser
- LocalMachine
default: LocalMachine
description:
- The location of the store to search.
type: str
certificates:
contains:
archived:
description: Indicates that the certificate is archived.
sample: false
type: bool
cert_data:
description: The base64 encoded data of the entire certificate.
type: str
dns_names:
description: Lists the registered dns names for the certificate.
elements: str
sample:
- '*.m.wikiquote.org'
- '*.wikipedia.org'
type: list
extensions:
description: The collection of the certificates extensions.
elements: dict
sample:
- critical: false
field: Subject Key Identifier
value: 88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7
- critical: true
field: Basic Constraints
value: Subject Type=CA, Path Length Constraint=None
- critical: false
field: Authority Key Identifier
value: KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e
- critical: false
field: CRL Distribution Points
value: '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl'
- critical: true
field: Key Usage
value: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing
(86)
- critical: false
field: null
value: 05 00
type: list
friendly_name:
description: The associated alias for the certificate.
sample: Microsoft Root Authority
type: str
has_private_key:
description: Indicates that the certificate contains a private key.
sample: false
type: bool
intended_purposes:
description: lists the intended applications for the certificate.
returned: enhanced key usages extension exists.
sample:
- Server Authentication
type: list
is_ca:
description: Indicates that the certificate is a certificate authority (CA)
certificate.
returned: basic constraints extension exists.
sample: true
type: bool
issued_by:
description: The certificate issuer's common name.
sample: Apple Root CA
type: str
issued_to:
description: The certificate's common name.
sample: Apple Worldwide Developer Relations Certification Authority
type: str
issuer:
description: The certificate issuer's distinguished name.
sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US
type: str
key_usages:
description:
- Defines how the certificate key can be used.
- If this value is not defined, the key can be used for any purpose.
elements: str
returned: key usages extension exists.
sample:
- CrlSign
- KeyCertSign
- DigitalSignature
type: list
path_length_constraint:
description:
- The number of levels allowed in a certificates path.
- If this value is 0, the certificate does not have a restriction.
returned: basic constraints extension exists
sample: 0
type: int
public_key:
description: The base64 encoded public key of the certificate.
type: str
serial_number:
description: The serial number of the certificate represented as a hexadecimal
string
sample: 01DEBCC4396DA010
type: str
signature_algorithm:
description: The algorithm used to create the certificate's signature
sample: sha1RSA
type: str
ski:
description: The certificate's subject key identifier
returned: subject key identifier extension exists.
sample: 88271709A9B618608BECEBBAF64759C55254A3B7
type: str
subject:
description: The certificate's distinguished name.
sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple
Worldwide Developer Relations, O=Apple Inc., C=US
type: str
thumbprint:
description:
- The thumbprint as a hex string of the certificate.
- The return format will always be upper case.
sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64
type: str
valid_from:
description: The start date of the certificate represented in seconds since
epoch.
sample: 1360255727
type: float
valid_from_iso8601:
description: The start date of the certificate represented as an iso8601 formatted
date.
sample: '2017-12-15T08:39:32Z'
type: str
valid_to:
description: The expiry date of the certificate represented in seconds since
epoch.
sample: 1675788527
type: float
valid_to_iso8601:
description: The expiry date of the certificate represented as an iso8601 formatted
date.
sample: '2086-01-02T08:39:32Z'
type: str
version:
description: The x509 format version of the certificate
sample: 3
type: int
description:
- A list of information about certificates found in the store, sorted by thumbprint.
elements: dict
returned: success
type: list
exists:
description:
- Whether any certificates were found in the store.
- When I(thumbprint) is specified, returns true only if the certificate mathing
the thumbprint exists.
returned: success
sample: true
type: bool