community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)
Note
This module is part of the community.crypto collection (version 2.22.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.crypto.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: community.crypto.x509_crl_info.
New in community.crypto 1.0.0
Synopsis
This module allows one to retrieve information on Certificate Revocation Lists (CRLs).
Requirements
The below requirements are needed on the host that executes this module.
- If name_encoding is set to another value than ignore, the idna Python library needs to be installed.
- cryptography >= 1.2
Parameters
Parameter |
Comments |
---|---|
If set to This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again. Choices:
|
|
How to encode names (DNS names, URIs, email addresses) in return values.
Note that Choices:
|
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full This action does not modify state. |
Can run in |
|
Support: N/A This action does not modify state. |
Will return details on what has changed (or possibly needs changing in |
Notes
All timestamp values are provided in ASN.1 TIME format, in other words, following the YYYYMMDDHHMMSSZ pattern. They are all in UTC.
See Also
- community.crypto.x509_crl
Generate Certificate Revocation Lists (CRLs).
- community.crypto.x509_crl_info filter plugin
A filter variant of this module.
- community.crypto.to_serial filter plugin
Convert an integer to a colon-separated list of hex numbers.
Examples
- name: Get information on CRL
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: result

- name: Print the information
  ansible.builtin.debug:
    msg: "{{ result }}"

- name: Get information on CRL without list of revoked certificates
  community.crypto.x509_crl_info:
    path: /etc/ssl/very-large.crl
    list_revoked_certificates: false
  register: result
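
A freshness and revocation check built on this module's output, as an added example that is not part of the module's own documentation. It assumes the return keys are named last_update, next_update, revoked_certificates and serial_number, and it uses a constructed serial number; plain string comparison works because every timestamp is a fixed-width UTC string in the YYYYMMDDHHMMSSZ pattern described in the Notes.

```yaml
- name: Read CRL metadata and revoked entries
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
  register: crl

- name: Fail if the CRL is not yet valid or is past its next update
  ansible.builtin.assert:
    that:
      # ASN.1 TIME strings are fixed-width and in UTC, so comparing them
      # as strings orders them chronologically.
      - crl.last_update <= now_asn1
      - crl.next_update > now_asn1
    fail_msg: >-
      CRL is outside its validity window
      ({{ crl.last_update }} .. {{ crl.next_update }}), checked at {{ now_asn1 }}
  vars:
    # Current UTC time rendered in the same pattern the module returns.
    now_asn1: "{{ now(utc=true, fmt='%Y%m%d%H%M%SZ') }}"

- name: Fail if the certificate we are about to deploy has been revoked
  ansible.builtin.assert:
    that:
      # serial_number is returned as an integer, so compare integers.
      - >-
        deployed_serial not in
        (crl.revoked_certificates | map(attribute='serial_number') | list)
    fail_msg: "Serial {{ deployed_serial | community.crypto.to_serial }} is listed in the CRL"
  vars:
    deployed_serial: 1234567890  # constructed sample value, not a real certificate
```

The second task needs the list of revoked certificates, so it cannot be combined with list_revoked_certificates: false.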
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
The signature algorithm used to sign the CRL. Returned: success Sample: |
|
Whether the CRL is in PEM format ( Returned: success Can only return:
Sample: |
|
The CRL’s issuer. Note that for repeated values, only the last one will be returned. See Returned: success Sample: |
|
The CRL’s issuer as an ordered list of tuples. Returned: success Sample: |
|
The point in time from which this CRL can be trusted as ASN.1 TIME. Returned: success Sample: |
|
The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME. Returned: success Sample: |
|
List of certificates to be revoked. Returned: success if |
|
The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME. Returned: success Sample: |
|
Whether the invalidity date extension is critical. Returned: success Sample: |
|
The certificate’s issuer. See Returned: success Sample: |
|
Whether the certificate issuer extension is critical. Returned: success Sample: |
|
The value for the revocation reason extension. Returned: success Can only return:
Sample: |
|
Whether the revocation reason extension is critical. Returned: success Sample: |
|
The point in time the certificate was revoked as ASN.1 TIME. Returned: success Sample: |
|
Serial number of the certificate. This return value is an integer. If you need the serial numbers as a colon-separated hex string, such as Returned: success Sample: |