community / community.windows / 2.2.0 / module / win_certificate_info Get information on certificates from a Windows Certificate Store Authors: Micah Hunsberger (@mhunsber)community.windows.win_certificate_info (2.2.0) — module
Install with ansible-galaxy collection install community.windows:==2.2.0
collections: - name: community.windows version: 2.2.0
Returns information about certificates in a Windows Certificate Store.
- name: Obtain information about a particular certificate in the computer's personal store community.windows.win_certificate_info: thumbprint: BD7AF104CF1872BDB518D95C9534EA941665FD27 register: mycert
# thumbprint can also be lower case - name: Obtain information about a particular certificate in the computer's personal store community.windows.win_certificate_info: thumbprint: bd7af104cf1872bdb518d95c9534ea941665fd27 register: mycert
- name: Obtain information about all certificates in the root store community.windows.win_certificate_info: store_name: Root register: ca
# Import a pfx and then get information on the certificates - name: Import pfx certificate that is password protected ansible.windows.win_certificate_store: path: C:\Temp\cert.pfx state: present password: VeryStrongPasswordHere! become: yes become_method: runas register: mycert
- name: Obtain information on each certificate that was touched community.windows.win_certificate_info: thumbprint: "{{ item }}" register: mycert_stats loop: "{{ mycert.thumbprints }}"
store_name: default: My description: - The name of the store to search. - See U(https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename) for a list of built-in store names. type: str thumbprint: description: - The thumbprint as a hex string of a certificate to find. - When specified, filters the I(certificates) return value to a single certificate - See the examples for how to format the thumbprint. required: false type: str store_location: choices: - CurrentUser - LocalMachine default: LocalMachine description: - The location of the store to search. type: str
certificates: contains: archived: description: Indicates that the certificate is archived. sample: false type: bool cert_data: description: The base64 encoded data of the entire certificate. type: str dns_names: description: Lists the registered dns names for the certificate. elements: str sample: - '*.m.wikiquote.org' - '*.wikipedia.org' type: list extensions: description: The collection of the certificates extensions. elements: dict sample: - critical: false field: Subject Key Identifier value: 88 27 17 09 a9 b6 18 60 8b ec eb ba f6 47 59 c5 52 54 a3 b7 - critical: true field: Basic Constraints value: Subject Type=CA, Path Length Constraint=None - critical: false field: Authority Key Identifier value: KeyID=2b d0 69 47 94 76 09 fe f4 6b 8d 2e 40 a6 f7 47 4d 7f 08 5e - critical: false field: CRL Distribution Points value: '[1]CRL Distribution Point: Distribution Point Name:Full Name:URL=http://crl.apple.com/root.crl' - critical: true field: Key Usage value: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) - critical: false field: null value: 05 00 type: list friendly_name: description: The associated alias for the certificate. sample: Microsoft Root Authority type: str has_private_key: description: Indicates that the certificate contains a private key. sample: false type: bool intended_purposes: description: lists the intended applications for the certificate. returned: enhanced key usages extension exists. sample: - Server Authentication type: list is_ca: description: Indicates that the certificate is a certificate authority (CA) certificate. returned: basic constraints extension exists. sample: true type: bool issued_by: description: The certificate issuer's common name. sample: Apple Root CA type: str issued_to: description: The certificate's common name. sample: Apple Worldwide Developer Relations Certification Authority type: str issuer: description: The certificate issuer's distinguished name. sample: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US type: str key_usages: description: - Defines how the certificate key can be used. - If this value is not defined, the key can be used for any purpose. elements: str returned: key usages extension exists. sample: - CrlSign - KeyCertSign - DigitalSignature type: list path_length_constraint: description: - The number of levels allowed in a certificates path. - If this value is 0, the certificate does not have a restriction. returned: basic constraints extension exists sample: 0 type: int public_key: description: The base64 encoded public key of the certificate. type: str serial_number: description: The serial number of the certificate represented as a hexadecimal string sample: 01DEBCC4396DA010 type: str signature_algorithm: description: The algorithm used to create the certificate's signature sample: sha1RSA type: str ski: description: The certificate's subject key identifier returned: subject key identifier extension exists. sample: 88271709A9B618608BECEBBAF64759C55254A3B7 type: str subject: description: The certificate's distinguished name. sample: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US type: str thumbprint: description: - The thumbprint as a hex string of the certificate. - The return format will always be upper case. sample: FF6797793A3CD798DC5B2ABEF56F73EDC9F83A64 type: str valid_from: description: The start date of the certificate represented in seconds since epoch. sample: 1360255727 type: float valid_from_iso8601: description: The start date of the certificate represented as an iso8601 formatted date. sample: '2017-12-15T08:39:32Z' type: str valid_to: description: The expiry date of the certificate represented in seconds since epoch. sample: 1675788527 type: float valid_to_iso8601: description: The expiry date of the certificate represented as an iso8601 formatted date. sample: '2086-01-02T08:39:32Z' type: str version: description: The x509 format version of the certificate sample: 3 type: int description: - A list of information about certificates found in the store, sorted by thumbprint. elements: dict returned: success type: list exists: description: - Whether any certificates were found in the store. - When I(thumbprint) is specified, returns true only if the certificate mathing the thumbprint exists. returned: success sample: true type: bool