New in version 2.7.
openssl verify ...
.The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
input_chain
-
/ required
|
A concatenated set of certificates in PEM format forming a chain.
The module will try to complete this chain.
|
|
intermediate_certificates
list
|
Default: []
|
A list of filenames or directories.
A filename is assumed to point to a file containing one or more certificates in PEM format. All certificates in this file will be added to the set of root certificates.
If a directory name is given, all files in the directory and its subdirectories will be scanned and tried to be parsed as concatenated certificates in PEM format.
Symbolic links will be followed.
|
root_certificates
list
/ required
|
A list of filenames or directories.
A filename is assumed to point to a file containing one or more certificates in PEM format. All certificates in this file will be added to the set of root certificates.
If a directory name is given, all files in the directory and its subdirectories will be scanned and tried to be parsed as concatenated certificates in PEM format.
Symbolic links will be followed.
|
# Given a leaf certificate for www.ansible.com and one or more intermediate
# certificates, finds the associated root certificate.
- name: Find root certificate
certificate_complete_chain:
input_chain: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com-fullchain.pem') }}"
root_certificates:
- /etc/ca-certificates/
register: www_ansible_com
- name: Write root certificate to disk
copy:
dest: /etc/ssl/csr/www.ansible.com-root.pem
content: "{{ www_ansible_com.root }}"
# Given a leaf certificate for www.ansible.com, and a list of intermediate
# certificates, finds the associated root certificate.
- name: Find root certificate
certificate_complete_chain:
input_chain: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com.pem') }}"
intermediate_certificates:
- /etc/ssl/csr/www.ansible.com-chain.pem
root_certificates:
- /etc/ca-certificates/
register: www_ansible_com
- name: Write complete chain to disk
copy:
dest: /etc/ssl/csr/www.ansible.com-completechain.pem
content: "{{ ''.join(www_ansible_com.complete_chain) }}"
- name: Write root chain (intermediates and root) to disk
copy:
dest: /etc/ssl/csr/www.ansible.com-rootchain.pem
content: "{{ ''.join(www_ansible_com.chain) }}"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
chain
list
|
success |
The chain added to the given input chain. Includes the root certificate.
Returned as a list of PEM certificates.
|
complete_chain
list
|
success |
The completed chain, including leaf, all intermediates, and root.
Returned as a list of PEM certificates.
|
root
string
|
success |
The root certificate in PEM format.
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.