felixfontein
2023-01-01 09:21:40 +00:00
parent 88864530f2
commit 334ebc6035
40 changed files with 1352 additions and 1352 deletions


@@ -395,33 +395,33 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check whether an account with the given account key exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_account_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify that account exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.exists</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account URI</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.account_uri</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account contacts</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.account.contact</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check whether an account with the given account key exists</span>
<span class="w"> </span><span class="nt">community.crypto.acme_account_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify that account exists</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.exists</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account URI</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.account_uri</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account contacts</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.account.contact</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check whether the account exists and is accessible with the given account key</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_account_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">acme_account_key</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">acme_account_uri</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify that account exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.exists</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account contacts</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.account.contact</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check whether the account exists and is accessible with the given account key</span>
<span class="w"> </span><span class="nt">acme_account_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">acme_account_key</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">acme_account_uri</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify that account exists</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.exists</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account contacts</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.account.contact</span>
</pre></div>
</div>
</section>


@@ -503,33 +503,33 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure account exists and has given contacts. We agree to TOS.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<span class="w"> </span><span class="nt">terms_agreed</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">contact</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:me@example.com</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:myself@example.org</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure account exists and has given contacts. We agree to TOS.</span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">terms_agreed</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">contact</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:me@example.com</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:myself@example.org</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure account has given email address. Do not create account if it does not exist</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<span class="w"> </span><span class="nt">allow_creation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
<span class="w"> </span><span class="nt">contact</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:me@example.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure account has given email address. Do not create account if it does not exist</span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">allow_creation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">contact</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:me@example.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Change account&#39;s key to the one stored in the variable new_account_key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">new_account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">new_account_key</span> <span class="cp">}}</span><span class="s">&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">changed_key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Change account&#39;s key to the one stored in the variable new_account_key</span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">new_account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">new_account_key</span> <span class="cp">}}</span><span class="s">&#39;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">changed_key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete account (we have to use the new key)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">new_account_key</span> <span class="cp">}}</span><span class="s">&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete account (we have to use the new key)</span>
<span class="w"> </span><span class="nt">community.crypto.acme_account</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">new_account_key</span> <span class="cp">}}</span><span class="s">&#39;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span>
</pre></div>
</div>
</section>


@@ -645,140 +645,140 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="c1">### Example with HTTP challenge ###</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="c1">### Example with HTTP challenge ###</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key from a variable.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_private_key</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key from a variable.</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_private_key</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>
<span class="c1"># Alternative first step:</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key from hashi vault.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;hashi_vault&#39;</span><span class="o">,</span> <span class="s1">&#39;secret=secret/account_private_key:value&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span><span class="w"></span>
<span class="c1"># Alternative first step:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key from hashi vault.</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;hashi_vault&#39;</span><span class="o">,</span> <span class="s1">&#39;secret=secret/account_private_key:value&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>
<span class="c1"># Alternative first step:</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key file.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/pki/cert/csr/sample.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span><span class="w"></span>
<span class="c1"># Alternative first step:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key file.</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/pki/cert/csr/sample.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>
<span class="c1"># perform the necessary steps to fulfill the challenge</span><span class="w"></span>
<span class="c1"># for example:</span><span class="w"></span>
<span class="c1">#</span><span class="w"></span>
<span class="c1"># - copy:</span><span class="w"></span>
<span class="c1"># dest: /var/www/html/</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span><span class="o">[</span><span class="s1">&#39;challenge_data&#39;</span><span class="o">][</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="w"></span>
<span class="c1"># content: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span><span class="o">[</span><span class="s1">&#39;challenge_data&#39;</span><span class="o">][</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource_value&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># when: sample_com_challenge is changed and &#39;sample.com&#39; in sample_com_challenge[&#39;challenge_data&#39;]</span><span class="w"></span>
<span class="c1">#</span><span class="w"></span>
<span class="c1"># Alternative way:</span><span class="w"></span>
<span class="c1">#</span><span class="w"></span>
<span class="c1"># - copy:</span><span class="w"></span>
<span class="c1"># dest: /var/www/</span><span class="cp">{{</span> <span class="nv">item.key</span> <span class="cp">}}</span><span class="c1">/</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="w"></span>
<span class="c1"># content: &quot;</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource_value&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># loop: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span> <span class="o">|</span> <span class="nf">dict2items</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># when: sample_com_challenge is changed</span><span class="w"></span>
<span class="c1"># perform the necessary steps to fulfill the challenge</span>
<span class="c1"># for example:</span>
<span class="c1">#</span>
<span class="c1"># - copy:</span>
<span class="c1"># dest: /var/www/html/</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span><span class="o">[</span><span class="s1">&#39;challenge_data&#39;</span><span class="o">][</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource&#39;</span><span class="o">]</span> <span class="cp">}}</span>
<span class="c1"># content: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span><span class="o">[</span><span class="s1">&#39;challenge_data&#39;</span><span class="o">][</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource_value&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># when: sample_com_challenge is changed and &#39;sample.com&#39; in sample_com_challenge[&#39;challenge_data&#39;]</span>
<span class="c1">#</span>
<span class="c1"># Alternative way:</span>
<span class="c1">#</span>
<span class="c1"># - copy:</span>
<span class="c1"># dest: /var/www/</span><span class="cp">{{</span> <span class="nv">item.key</span> <span class="cp">}}</span><span class="c1">/</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource&#39;</span><span class="o">]</span> <span class="cp">}}</span>
<span class="c1"># content: &quot;</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource_value&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># loop: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span> <span class="o">|</span> <span class="nf">dict2items</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># when: sample_com_challenge is changed</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Let the challenge be validated and retrieve the cert and intermediate certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">chain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-intermediate.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Let the challenge be validated and retrieve the cert and intermediate certificate</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">chain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-intermediate.crt</span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="c1">### Example with DNS challenge against production ACME server ###</span><span class="w"></span>
<span class="c1">### Example with DNS challenge against production ACME server ###</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key file.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myself@sample.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dns-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v01.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Renew if the certificate is at least 30 days old</span><span class="w"></span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key file.</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myself@sample.com</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dns-01</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v01.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="c1"># Renew if the certificate is at least 30 days old</span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>
<span class="c1"># perform the necessary steps to fulfill the challenge</span><span class="w"></span>
<span class="c1"># for example:</span><span class="w"></span>
<span class="c1">#</span><span class="w"></span>
<span class="c1"># - community.aws.route53:</span><span class="w"></span>
<span class="c1"># zone: sample.com</span><span class="w"></span>
<span class="c1"># record: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;dns-01&#39;</span><span class="o">]</span><span class="nv">.record</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># type: TXT</span><span class="w"></span>
<span class="c1"># ttl: 60</span><span class="w"></span>
<span class="c1"># state: present</span><span class="w"></span>
<span class="c1"># wait: true</span><span class="w"></span>
<span class="c1"># # Note: route53 requires TXT entries to be enclosed in quotes</span><span class="w"></span>
<span class="c1"># value: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;dns-01&#39;</span><span class="o">]</span><span class="nv">.resource_value</span> <span class="o">|</span> <span class="nf">regex_replace</span><span class="o">(</span><span class="s1">&#39;^(.*)$&#39;</span><span class="o">,</span> <span class="s1">&#39;\&quot;\\1\&quot;&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># when: sample_com_challenge is changed and &#39;sample.com&#39; in sample_com_challenge.challenge_data</span><span class="w"></span>
<span class="c1">#</span><span class="w"></span>
<span class="c1"># Alternative way:</span><span class="w"></span>
<span class="c1">#</span><span class="w"></span>
<span class="c1"># - community.aws.route53:</span><span class="w"></span>
<span class="c1"># zone: sample.com</span><span class="w"></span>
<span class="c1"># record: &quot;</span><span class="cp">{{</span> <span class="nv">item.key</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># type: TXT</span><span class="w"></span>
<span class="c1"># ttl: 60</span><span class="w"></span>
<span class="c1"># state: present</span><span class="w"></span>
<span class="c1"># wait: true</span><span class="w"></span>
<span class="c1"># # Note: item.value is a list of TXT entries, and route53</span><span class="w"></span>
<span class="c1"># # requires every entry to be enclosed in quotes</span><span class="w"></span>
<span class="c1"># value: &quot;</span><span class="cp">{{</span> <span class="nv">item.value</span> <span class="o">|</span> <span class="nf">map</span><span class="o">(</span><span class="s1">&#39;regex_replace&#39;</span><span class="o">,</span> <span class="s1">&#39;^(.*)$&#39;</span><span class="o">,</span> <span class="s1">&#39;\&quot;\\1\&quot;&#39;</span> <span class="o">)</span> <span class="o">|</span> <span class="nf">list</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># loop: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data_dns</span> <span class="o">|</span> <span class="nf">dict2items</span> <span class="cp">}}</span><span class="c1">&quot;</span><span class="w"></span>
<span class="c1"># when: sample_com_challenge is changed</span><span class="w"></span>
<span class="c1"># perform the necessary steps to fulfill the challenge</span>
<span class="c1"># for example:</span>
<span class="c1">#</span>
<span class="c1"># - community.aws.route53:</span>
<span class="c1"># zone: sample.com</span>
<span class="c1"># record: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;dns-01&#39;</span><span class="o">]</span><span class="nv">.record</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># type: TXT</span>
<span class="c1"># ttl: 60</span>
<span class="c1"># state: present</span>
<span class="c1"># wait: true</span>
<span class="c1"># # Note: route53 requires TXT entries to be enclosed in quotes</span>
<span class="c1"># value: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;dns-01&#39;</span><span class="o">]</span><span class="nv">.resource_value</span> <span class="o">|</span> <span class="nf">regex_replace</span><span class="o">(</span><span class="s1">&#39;^(.*)$&#39;</span><span class="o">,</span> <span class="s1">&#39;\&quot;\\1\&quot;&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># when: sample_com_challenge is changed and &#39;sample.com&#39; in sample_com_challenge.challenge_data</span>
<span class="c1">#</span>
<span class="c1"># Alternative way:</span>
<span class="c1">#</span>
<span class="c1"># - community.aws.route53:</span>
<span class="c1"># zone: sample.com</span>
<span class="c1"># record: &quot;</span><span class="cp">{{</span> <span class="nv">item.key</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># type: TXT</span>
<span class="c1"># ttl: 60</span>
<span class="c1"># state: present</span>
<span class="c1"># wait: true</span>
<span class="c1"># # Note: item.value is a list of TXT entries, and route53</span>
<span class="c1"># # requires every entry to be enclosed in quotes</span>
<span class="c1"># value: &quot;</span><span class="cp">{{</span> <span class="nv">item.value</span> <span class="o">|</span> <span class="nf">map</span><span class="o">(</span><span class="s1">&#39;regex_replace&#39;</span><span class="o">,</span> <span class="s1">&#39;^(.*)$&#39;</span><span class="o">,</span> <span class="s1">&#39;\&quot;\\1\&quot;&#39;</span> <span class="o">)</span> <span class="o">|</span> <span class="nf">list</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># loop: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data_dns</span> <span class="o">|</span> <span class="nf">dict2items</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># when: sample_com_challenge is changed</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Let the challenge be validated and retrieve the cert and intermediate certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myself@sample.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">fullchain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">chain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-intermediate.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dns-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v01.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span><span class="w"></span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge is changed</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Let the challenge be validated and retrieve the cert and intermediate certificate</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myself@sample.com</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">fullchain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">chain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-intermediate.crt</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dns-01</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v01.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge is changed</span>
<span class="c1"># Alternative second step:</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Let the challenge be validated and retrieve the cert and intermediate certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myself@sample.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">fullchain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">chain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-intermediate.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span><span class="w"></span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># We use Let&#39;s Encrypt&#39;s ACME v2 endpoint</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="c1"># The following makes sure that if a chain with /CN=DST Root CA X3 in its issuer is provided</span><span class="w"></span>
<span class="w"> </span><span class="c1"># as an alternative, it will be selected. These are the roots cross-signed by IdenTrust.</span><span class="w"></span>
<span class="w"> </span><span class="c1"># As long as Let&#39;s Encrypt provides alternate chains with the cross-signed root(s) when</span><span class="w"></span>
<span class="w"> </span><span class="c1"># switching to their own ISRG Root X1 root, this will use the chain ending with a cross-signed</span><span class="w"></span>
<span class="w"> </span><span class="c1"># root. This chain is more compatible with older TLS clients.</span><span class="w"></span>
<span class="w"> </span><span class="nt">select_chain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">test_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">last</span><span class="w"></span>
<span class="w"> </span><span class="nt">issuer</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">CN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DST Root CA X3</span><span class="w"></span>
<span class="w"> </span><span class="nt">O</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Digital Signature Trust Co.</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge is changed</span><span class="w"></span>
<span class="c1"># Alternative second step:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Let the challenge be validated and retrieve the cert and intermediate certificate</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myself@sample.com</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">fullchain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">chain</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-intermediate.crt</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="c1"># We use Let&#39;s Encrypt&#39;s ACME v2 endpoint</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="c1"># The following makes sure that if a chain with /CN=DST Root CA X3 in its issuer is provided</span>
<span class="w"> </span><span class="c1"># as an alternative, it will be selected. These are the roots cross-signed by IdenTrust.</span>
<span class="w"> </span><span class="c1"># As long as Let&#39;s Encrypt provides alternate chains with the cross-signed root(s) when</span>
<span class="w"> </span><span class="c1"># switching to their own ISRG Root X1 root, this will use the chain ending with a cross-signed</span>
<span class="w"> </span><span class="c1"># root. This chain is more compatible with older TLS clients.</span>
<span class="w"> </span><span class="nt">select_chain</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">test_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">last</span>
<span class="w"> </span><span class="nt">issuer</span><span class="p">:</span>
<span class="w"> </span><span class="nt">CN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DST Root CA X3</span>
<span class="w"> </span><span class="nt">O</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Digital Signature Trust Co.</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge is changed</span>
</pre></div>
</div>
</section>


@@ -419,15 +419,15 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Revoke certificate with account key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate_revoke</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Revoke certificate with account key</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate_revoke</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">certificate</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Revoke certificate with certificate&#39;s private key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate_revoke</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">private_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Revoke certificate with certificate&#39;s private key</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate_revoke</span><span class="p">:</span>
<span class="w"> </span><span class="nt">private_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.key</span>
<span class="w"> </span><span class="nt">certificate</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
</pre></div>
</div>
<section id="authors">


@@ -293,45 +293,45 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create challenges for a given CRT for sample.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create challenges for a given CRT for sample.com</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificates for challenges</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_challenge_cert_helper</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge_data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;tls-alpn-01&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">private_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/key/sample.com.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">loop</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span> <span class="o">|</span> <span class="nf">dictsort</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge_certs</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificates for challenges</span>
<span class="w"> </span><span class="nt">community.crypto.acme_challenge_cert_helper</span><span class="p">:</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span>
<span class="w"> </span><span class="nt">challenge_data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;tls-alpn-01&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">private_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/key/sample.com.key</span>
<span class="w"> </span><span class="nt">loop</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span> <span class="o">|</span> <span class="nf">dictsort</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge_certs</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install challenge certificates</span><span class="w"></span>
<span class="w"> </span><span class="c1"># We need to set up HTTPS such that for the domain,</span><span class="w"></span>
<span class="w"> </span><span class="c1"># regular_certificate is delivered for regular connections,</span><span class="w"></span>
<span class="w"> </span><span class="c1"># except if ALPN selects the &quot;acme-tls/1&quot;; then, the</span><span class="w"></span>
<span class="w"> </span><span class="c1"># challenge_certificate must be delivered.</span><span class="w"></span>
<span class="w"> </span><span class="c1"># This can for example be achieved with very new versions</span><span class="w"></span>
<span class="w"> </span><span class="c1"># of NGINX; search for ssl_preread and</span><span class="w"></span>
<span class="w"> </span><span class="c1"># ssl_preread_alpn_protocols for information on how to</span><span class="w"></span>
<span class="w"> </span><span class="c1"># route by ALPN protocol.</span><span class="w"></span>
<span class="w"> </span><span class="nt">...</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">domain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.domain</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge_certificate</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.challenge_certificate</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">regular_certificate</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.regular_certificate</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">private_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/key/sample.com.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">loop</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge_certs.results</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install challenge certificates</span>
<span class="w"> </span><span class="c1"># We need to set up HTTPS such that for the domain,</span>
<span class="w"> </span><span class="c1"># regular_certificate is delivered for regular connections,</span>
<span class="w"> </span><span class="c1"># except if ALPN selects the &quot;acme-tls/1&quot;; then, the</span>
<span class="w"> </span><span class="c1"># challenge_certificate must be delivered.</span>
<span class="w"> </span><span class="c1"># This can for example be achieved with very new versions</span>
<span class="w"> </span><span class="c1"># of NGINX; search for ssl_preread and</span>
<span class="w"> </span><span class="c1"># ssl_preread_alpn_protocols for information on how to</span>
<span class="w"> </span><span class="c1"># route by ALPN protocol.</span>
<span class="w"> </span><span class="nt">...</span><span class="p">:</span>
<span class="w"> </span><span class="nt">domain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.domain</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">challenge_certificate</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.challenge_certificate</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">regular_certificate</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.regular_certificate</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">private_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/key/sample.com.key</span>
<span class="w"> </span><span class="nt">loop</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge_certs.results</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate for a given CSR for sample.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate for a given CSR for sample.com</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-alpn-01</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com.crt</span>
<span class="w"> </span><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span> <span class="cp">}}</span><span class="s">&quot;</span>
</pre></div>
</div>
</section>


@@ -424,103 +424,103 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">directory-only</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">directory</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get directory</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">directory-only</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">directory</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create an account</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">directory.newAccount</span><span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{&quot;termsOfServiceAgreed&quot;:true}&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_creation</span><span class="w"></span>
<span class="w"> </span><span class="c1"># account_creation.headers.location contains the account URI</span><span class="w"></span>
<span class="w"> </span><span class="c1"># if creation was successful</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create an account</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">directory.newAccount</span><span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{&quot;termsOfServiceAgreed&quot;:true}&#39;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_creation</span>
<span class="w"> </span><span class="c1"># account_creation.headers.location contains the account URI</span>
<span class="w"> </span><span class="c1"># if creation was successful</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get account information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get account information</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update account contacts</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">account_info</span> <span class="o">|</span> <span class="nf">to_json</span> <span class="cp">}}</span><span class="s">&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="c1"># For valid values, see</span><span class="w"></span>
<span class="w"> </span><span class="c1"># https://tools.ietf.org/html/rfc8555#section-7.3</span><span class="w"></span>
<span class="w"> </span><span class="nt">contact</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:me@example.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update account contacts</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">account_info</span> <span class="o">|</span> <span class="nf">to_json</span> <span class="cp">}}</span><span class="s">&#39;</span>
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_info</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># For valid values, see</span>
<span class="w"> </span><span class="c1"># https://tools.ietf.org/html/rfc8555#section-7.3</span>
<span class="w"> </span><span class="nt">contact</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mailto:me@example.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate order</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http-01</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_request</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate order</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">challenge</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http-01</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_request</span>
<span class="c1"># Assume something went wrong. certificate_request.order_uri contains</span><span class="w"></span>
<span class="c1"># the order URI.</span><span class="w"></span>
<span class="c1"># Assume something went wrong. certificate_request.order_uri contains</span>
<span class="c1"># the order URI.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get order information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate_request.order_uri</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">order</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get order information</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate_request.order_uri</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">order</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get first authz for order</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">order.output_json.authorizations</span><span class="o">[</span><span class="m">0</span><span class="o">]</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authz</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get first authz for order</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">order.output_json.authorizations</span><span class="o">[</span><span class="m">0</span><span class="o">]</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authz</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get HTTP-01 challenge for authz</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">authz.output_json.challenges</span> <span class="o">|</span> <span class="nf">selectattr</span><span class="o">(</span><span class="s1">&#39;type&#39;</span><span class="o">,</span> <span class="s1">&#39;equalto&#39;</span><span class="o">,</span> <span class="s1">&#39;http-01&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http01challenge</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get HTTP-01 challenge for authz</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">authz.output_json.challenges</span> <span class="o">|</span> <span class="nf">selectattr</span><span class="o">(</span><span class="s1">&#39;type&#39;</span><span class="o">,</span> <span class="s1">&#39;equalto&#39;</span><span class="o">,</span> <span class="s1">&#39;http-01&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">get</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http01challenge</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Activate HTTP-01 challenge manually</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">http01challenge.url</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{}&#39;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Activate HTTP-01 challenge manually</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">http01challenge.url</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{}&#39;</span>
</pre></div>
</div>
</section>


@@ -267,37 +267,37 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ce
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id5">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="c1"># Given a leaf certificate for www.ansible.com and one or more intermediate</span><span class="w"></span>
<span class="c1"># certificates, finds the associated root certificate.</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Find root certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.certificate_complete_chain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com-fullchain.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">root_certificates</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write root certificate to disk</span><span class="w"></span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-root.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">www_ansible_com.root</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="c1"># Given a leaf certificate for www.ansible.com and one or more intermediate</span>
<span class="c1"># certificates, finds the associated root certificate.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Find root certificate</span>
<span class="w"> </span><span class="nt">community.crypto.certificate_complete_chain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com-fullchain.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">root_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write root certificate to disk</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-root.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">www_ansible_com.root</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="c1"># Given a leaf certificate for www.ansible.com, and a list of intermediate</span><span class="w"></span>
<span class="c1"># certificates, finds the associated root certificate.</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Find root certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.certificate_complete_chain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">intermediate_certificates</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-chain.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">root_certificates</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write complete chain to disk</span><span class="w"></span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-completechain.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="s1">&#39;&#39;</span><span class="nv">.join</span><span class="o">(</span><span class="nv">www_ansible_com.complete_chain</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write root chain (intermediates and root) to disk</span><span class="w"></span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-rootchain.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="s1">&#39;&#39;</span><span class="nv">.join</span><span class="o">(</span><span class="nv">www_ansible_com.chain</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="c1"># Given a leaf certificate for www.ansible.com, and a list of intermediate</span>
<span class="c1"># certificates, finds the associated root certificate.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Find root certificate</span>
<span class="w"> </span><span class="nt">community.crypto.certificate_complete_chain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">intermediate_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-chain.pem</span>
<span class="w"> </span><span class="nt">root_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write complete chain to disk</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-completechain.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="s1">&#39;&#39;</span><span class="nv">.join</span><span class="o">(</span><span class="nv">www_ansible_com.complete_chain</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write root chain (intermediates and root) to disk</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-rootchain.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="s1">&#39;&#39;</span><span class="nv">.join</span><span class="o">(</span><span class="nv">www_ansible_com.chain</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
</pre></div>
</div>
</section>


@@ -213,14 +213,14 @@
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id3">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Retrieve information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.crypto_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">crypto_information</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Retrieve information</span>
<span class="w"> </span><span class="nt">community.crypto.crypto_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">crypto_information</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show retrieved information</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">crypto_information</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show retrieved information</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">crypto_information</span>
</pre></div>
</div>
</section>


@@ -156,32 +156,32 @@
<h2>Set up the CA<a class="headerlink" href="#set-up-the-ca" title="Permalink to this heading"></a></h2>
<p>Any certificate can be used as a CA certificate. You can create a self-signed certificate (see <a class="reference internal" href="guide_selfsigned.html#ansible-collections-community-crypto-docsite-guide-selfsigned"><span class="std std-ref">How to create self-signed certificates</span></a>), use another CA certificate to sign a new certificate (using the instructions below for signing a certificate), ask (and pay) a commercial CA to sign your CA certificate, etc.</p>
<p>The following instructions show how to set up a simple self-signed CA certificate.</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key with password protection</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key with password protection</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for CA certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ansible CA</span><span class="w"></span>
<span class="w"> </span><span class="nt">use_common_name_for_san</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"> </span><span class="c1"># since we do not specify SANs, don&#39;t use CN as a SAN</span><span class="w"></span>
<span class="w"> </span><span class="nt">basic_constraints</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&#39;CA:TRUE&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">basic_constraints_critical</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">key_usage</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keyCertSign</span><span class="w"></span>
<span class="w"> </span><span class="nt">key_usage_critical</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ca_csr</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for CA certificate</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ansible CA</span>
<span class="w"> </span><span class="nt">use_common_name_for_san</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"> </span><span class="c1"># since we do not specify SANs, don&#39;t use CN as a SAN</span>
<span class="w"> </span><span class="nt">basic_constraints</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&#39;CA:TRUE&#39;</span>
<span class="w"> </span><span class="nt">basic_constraints_critical</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">key_usage</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keyCertSign</span>
<span class="w"> </span><span class="nt">key_usage_critical</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ca_csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create self-signed CA certificate from CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">ca_csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create self-signed CA certificate from CSR</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">ca_csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span>
</pre></div>
</div>
</section>
@@ -189,98 +189,98 @@
<h2>Use the CA to sign a certificate<a class="headerlink" href="#use-the-ca-to-sign-a-certificate" title="Permalink to this heading"></a></h2>
<p>To sign a certificate, you must pass a CSR to the <a class="reference internal" href="../x509_certificate_module.html#ansible-collections-community-crypto-x509-certificate-module"><span class="std std-ref">community.crypto.x509_certificate module</span></a> or <a class="reference internal" href="../x509_certificate_pipe_module.html#ansible-collections-community-crypto-x509-certificate-pipe-module"><span class="std std-ref">community.crypto.x509_certificate_pipe module</span></a>.</p>
<p>In the following example, we assume that the certificate to sign (including its private key) are on <code class="docutils literal notranslate"><span class="pre">server_1</span></code>, while our CA certificate is on <code class="docutils literal notranslate"><span class="pre">server_2</span></code>. We do not want any key material to leave each respective server.</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key for new certificate on server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key for new certificate on server_1</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for new certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:www.ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:docs.ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">csr</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for new certificate</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:ansible.com&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:www.ansible.com&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:docs.ansible.com&quot;</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign certificate with our CA</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_not_after</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+365d</span><span class="w"> </span><span class="c1"># valid for one year</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_not_before</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;-1d&quot;</span><span class="w"> </span><span class="c1"># valid since yesterday</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_2</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign certificate with our CA</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span>
<span class="w"> </span><span class="nt">ownca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span>
<span class="w"> </span><span class="nt">ownca_privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">ownca_not_after</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+365d</span><span class="w"> </span><span class="c1"># valid for one year</span>
<span class="w"> </span><span class="nt">ownca_not_before</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;-1d&quot;</span><span class="w"> </span><span class="c1"># valid since yesterday</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_2</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write certificate file on server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write certificate file on server_1</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</pre></div>
</div>
<p>Please note that the above procedure is <strong>not idempotent</strong>. The following extended example reads the existing certificate from <code class="docutils literal notranslate"><span class="pre">server_1</span></code> (if exists) and provides it to the <a class="reference internal" href="../x509_certificate_pipe_module.html#ansible-collections-community-crypto-x509-certificate-pipe-module"><span class="std std-ref">community.crypto.x509_certificate_pipe module</span></a>, and only writes the result back if it was changed:</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key for new certificate on server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key for new certificate on server_1</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for new certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:www.ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:docs.ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">csr</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for new certificate</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:ansible.com&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:www.ansible.com&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:docs.ansible.com&quot;</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check whether certificate exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">stat</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_exists</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check whether certificate exists</span>
<span class="w"> </span><span class="nt">stat</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_exists</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Read existing certificate if exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">slurp</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_exists.stat.exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Read existing certificate if exists</span>
<span class="w"> </span><span class="nt">slurp</span><span class="p">:</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_exists.stat.exists</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign certificate with our CA</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="o">(</span><span class="nv">certificate.content</span> <span class="o">|</span> <span class="nf">b64decode</span><span class="o">)</span> <span class="k">if</span> <span class="nv">certificate_exists.stat.exists</span> <span class="k">else</span> <span class="nv">omit</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_not_after</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+365d</span><span class="w"> </span><span class="c1"># valid for one year</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_not_before</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;-1d&quot;</span><span class="w"> </span><span class="c1"># valid since yesterday</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_2</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign certificate with our CA</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="o">(</span><span class="nv">certificate.content</span> <span class="o">|</span> <span class="nf">b64decode</span><span class="o">)</span> <span class="k">if</span> <span class="nv">certificate_exists.stat.exists</span> <span class="k">else</span> <span class="nv">omit</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span>
<span class="w"> </span><span class="nt">ownca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span>
<span class="w"> </span><span class="nt">ownca_privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.key</span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">secret_ca_passphrase</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">ownca_not_after</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+365d</span><span class="w"> </span><span class="c1"># valid for one year</span>
<span class="w"> </span><span class="nt">ownca_not_before</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;-1d&quot;</span><span class="w"> </span><span class="c1"># valid since yesterday</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_2</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write certificate file on server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate is changed</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write certificate file on server_1</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server_1</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate is changed</span>
</pre></div>
</div>
</section>


@@ -148,47 +148,47 @@
<span id="ansible-collections-community-crypto-docsite-guide-selfsigned"></span><h1>How to create self-signed certificates<a class="headerlink" href="#how-to-create-self-signed-certificates" title="Permalink to this heading"></a></h1>
<p>The <a class="reference external" href="https://galaxy.ansible.com/community/crypto">community.crypto collection</a> offers multiple modules that create private keys, certificate signing requests, and certificates. This guide shows how to create self-signed certificates.</p>
<p>For creating any kind of certificate, you always have to start with a private key. You can use the <a class="reference internal" href="../openssl_privatekey_module.html#ansible-collections-community-crypto-openssl-privatekey-module"><span class="std std-ref">community.crypto.openssl_privatekey module</span></a> to create a private key. If you only specify <code class="docutils literal notranslate"><span class="pre">path</span></code>, the default parameters will be used. This will result in a 4096 bit RSA private key:</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key (RSA, 4096 bits)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key (RSA, 4096 bits)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
</pre></div>
</div>
<p>You can specify <code class="docutils literal notranslate"><span class="pre">type</span></code> to select another key type, <code class="docutils literal notranslate"><span class="pre">size</span></code> to select a different key size (only available for RSA and DSA keys), or <code class="docutils literal notranslate"><span class="pre">passphrase</span></code> if you want to store the key password-protected:</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key (X25519) with password protection</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">X25519</span><span class="w"></span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">changeme</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create private key (X25519) with password protection</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">X25519</span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">changeme</span>
</pre></div>
</div>
<p>To create a very simple self-signed certificate with no specific information, you can proceed directly with the <a class="reference internal" href="../x509_certificate_module.html#ansible-collections-community-crypto-x509-certificate-module"><span class="std std-ref">community.crypto.x509_certificate module</span></a>:</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create simple self-signed certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create simple self-signed certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span>
</pre></div>
</div>
<p>(If you used <code class="docutils literal notranslate"><span class="pre">passphrase</span></code> for the private key, you have to provide <code class="docutils literal notranslate"><span class="pre">privatekey_passphrase</span></code>.)</p>
<p>You can use <code class="docutils literal notranslate"><span class="pre">selfsigned_not_after</span></code> to define when the certificate expires (default: in roughly 10 years), and <code class="docutils literal notranslate"><span class="pre">selfsigned_not_before</span></code> to define from when the certificate is valid (default: now).</p>
<p>To define further properties of the certificate, like the subject, Subject Alternative Names (SANs), key usages, name constraints, etc., you need to first create a Certificate Signing Request (CSR) and provide it to the <a class="reference internal" href="../x509_certificate_module.html#ansible-collections-community-crypto-x509-certificate-module"><span class="std std-ref">community.crypto.x509_certificate module</span></a>. If you do not need the CSR file, you can use the <a class="reference internal" href="../openssl_csr_pipe_module.html#ansible-collections-community-crypto-openssl-csr-pipe-module"><span class="std std-ref">community.crypto.openssl_csr_pipe module</span></a> as in the example below. (To store it to disk, use the <a class="reference internal" href="../openssl_csr_module.html#ansible-collections-community-crypto-openssl-csr-module"><span class="std std-ref">community.crypto.openssl_csr module</span></a> instead.)</p>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for self-signed certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">organization_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ansible, Inc.</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:www.ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:docs.ansible.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">csr</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate signing request (CSR) for self-signed certificate</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span>
<span class="w"> </span><span class="nt">organization_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ansible, Inc.</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:ansible.com&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:www.ansible.com&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;DNS:docs.ansible.com&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create self-signed certificate from CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create self-signed certificate from CSR</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.pem</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">csr.csr</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate.key</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span>
</pre></div>
</div>
</section>


@@ -836,118 +836,118 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ec
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request a new certificate from Entrust with bare minimum parameters.</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Will request a new certificate if current one is valid but within 30</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">days of expiry. If replacing an existing file in path, will back it up.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">backup</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">full_chain_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.chain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">EV_SSL</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request a new certificate from Entrust with bare minimum parameters.</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Will request a new certificate if current one is valid but within 30</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">days of expiry. If replacing an existing file in path, will back it up.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">backup</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">full_chain_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.chain.crt</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">cert_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">EV_SSL</span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">If there is no certificate present in path, request a new certificate</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">of type EV_SSL. Otherwise, if there is an Entrust managed certificate</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">in path and it is within 63 days of expiration, request a renew of that</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">EV_SSL</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert_expiry</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;2020-08-20&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">request_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">renew</span><span class="w"></span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">63</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">If there is no certificate present in path, request a new certificate</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">of type EV_SSL. Otherwise, if there is an Entrust managed certificate</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">in path and it is within 63 days of expiration, request a renew of that</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">cert_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">EV_SSL</span>
<span class="w"> </span><span class="nt">cert_expiry</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;2020-08-20&#39;</span>
<span class="w"> </span><span class="nt">request_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">renew</span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">63</span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">If there is no certificate present in path, download certificate</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">specified by tracking_id if it is still valid. Otherwise, if the</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate is within 79 days of expiration, request a renew of that</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate and save it in path. This can be used to &quot;migrate&quot; a</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate to be Ansible managed.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">tracking_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2378915</span><span class="w"></span>
<span class="w"> </span><span class="nt">request_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">renew</span><span class="w"></span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">79</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">If there is no certificate present in path, download certificate</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">specified by tracking_id if it is still valid. Otherwise, if the</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate is within 79 days of expiration, request a renew of that</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate and save it in path. This can be used to &quot;migrate&quot; a</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate to be Ansible managed.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">tracking_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2378915</span>
<span class="w"> </span><span class="nt">request_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">renew</span>
<span class="w"> </span><span class="nt">remaining_days</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">79</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force a reissue of the certificate specified by tracking_id.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">tracking_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2378915</span><span class="w"></span>
<span class="w"> </span><span class="nt">request_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">reissue</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force a reissue of the certificate specified by tracking_id.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">tracking_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2378915</span>
<span class="w"> </span><span class="nt">request_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">reissue</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request a new certificate with an alternative client. Note that the</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">issued certificate will have it&#39;s Subject Distinguished Name use the</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">organization details associated with that client, rather than what is</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">in the CSR.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">client_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request a new certificate with an alternative client. Note that the</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">issued certificate will have it&#39;s Subject Distinguished Name use the</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">organization details associated with that client, rather than what is</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">in the CSR.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">client_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request a new certificate with a number of CSR parameters overridden</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">and tracking information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">full_chain_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.chain.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.testcertificates.com</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.testcertificates.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">eku</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SERVER_AND_CLIENT_AUTH</span><span class="w"></span>
<span class="w"> </span><span class="nt">ct_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">org</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Test Organization Inc.</span><span class="w"></span>
<span class="w"> </span><span class="nt">ou</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Administration</span><span class="w"></span>
<span class="w"> </span><span class="nt">tracking_info</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Submitted</span><span class="nv"> </span><span class="s">via</span><span class="nv"> </span><span class="s">Ansible&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">additional_emails</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">itsupport@testcertificates.com</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jsmith@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">custom_fields</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">text1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Admin</span><span class="w"></span>
<span class="w"> </span><span class="nt">text2</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Invoice 25</span><span class="w"></span>
<span class="w"> </span><span class="nt">number1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">342</span><span class="w"></span>
<span class="w"> </span><span class="nt">date1</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;2018-01-01&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">email1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sales@ansible.testcertificates.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">dropdown1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">red</span><span class="w"></span>
<span class="w"> </span><span class="nt">cert_expiry</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;2020-08-15&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request a new certificate with a number of CSR parameters overridden</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">and tracking information</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">full_chain_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.chain.crt</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.testcertificates.com</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.testcertificates.com</span>
<span class="w"> </span><span class="nt">eku</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SERVER_AND_CLIENT_AUTH</span>
<span class="w"> </span><span class="nt">ct_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">org</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Test Organization Inc.</span>
<span class="w"> </span><span class="nt">ou</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Administration</span>
<span class="w"> </span><span class="nt">tracking_info</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Submitted</span><span class="nv"> </span><span class="s">via</span><span class="nv"> </span><span class="s">Ansible&quot;</span>
<span class="w"> </span><span class="nt">additional_emails</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">itsupport@testcertificates.com</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jsmith@ansible.com</span>
<span class="w"> </span><span class="nt">custom_fields</span><span class="p">:</span>
<span class="w"> </span><span class="nt">text1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Admin</span>
<span class="w"> </span><span class="nt">text2</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Invoice 25</span>
<span class="w"> </span><span class="nt">number1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">342</span>
<span class="w"> </span><span class="nt">date1</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;2018-01-01&#39;</span>
<span class="w"> </span><span class="nt">email1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sales@ansible.testcertificates.com</span>
<span class="w"> </span><span class="nt">dropdown1</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">red</span>
<span class="w"> </span><span class="nt">cert_expiry</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;2020-08-15&#39;</span>
<span class="w"> </span><span class="nt">requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span>
<span class="w"> </span><span class="nt">requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span>
<span class="w"> </span><span class="nt">requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
</pre></div>
</div>
</section>


@@ -351,45 +351,45 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ec
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using email validation for client ID of 2.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">client_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"></span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">email</span><span class="w"></span>
<span class="w"> </span><span class="nt">verification_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using email validation for client ID of 2.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span>
<span class="w"> </span><span class="nt">client_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">email</span>
<span class="w"> </span><span class="nt">verification_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin@ansible.com</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using DNS. If domain is already valid,</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">request revalidation if expires within 90 days</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dns</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using DNS. If domain is already valid,</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">request revalidation if expires within 90 days</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dns</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using web server validation, and revalidate</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">if fewer than 60 days remaining of EV eligibility.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">web_server</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using web server validation, and revalidate</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">if fewer than 60 days remaining of EV eligibility.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">web_server</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using manual validation.</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">manual</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Request domain validation using manual validation.</span>
<span class="w"> </span><span class="nt">community.crypto.ecs_domain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">domain_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible.com</span>
<span class="w"> </span><span class="nt">verification_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">manual</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.key</span>
</pre></div>
</div>
</section>


@@ -330,27 +330,27 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ge
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get the cert from an RDP port</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.get_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.2.3.4&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3389</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get the cert from an RDP port</span>
<span class="w"> </span><span class="nt">community.crypto.get_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.2.3.4&quot;</span>
<span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3389</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get a cert from an https port</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.get_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;www.google.com&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">443</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get a cert from an https port</span>
<span class="w"> </span><span class="nt">community.crypto.get_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;www.google.com&quot;</span>
<span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">443</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
<span class="w"> </span><span class="nt">run_once</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">How many days until cert expires</span><span class="w"></span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;cert</span><span class="nv"> </span><span class="s">expires</span><span class="nv"> </span><span class="s">in:</span><span class="nv"> </span><span class="cp">{{</span> <span class="nv">expire_days</span> <span class="cp">}}</span><span class="nv"> </span><span class="s">days.&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">expire_days</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="o">((</span> <span class="nv">cert.not_after</span> <span class="o">|</span> <span class="nf">to_datetime</span><span class="o">(</span><span class="s1">&#39;%Y%m%d%H%M%SZ&#39;</span><span class="o">))</span> <span class="o">-</span> <span class="o">(</span><span class="nv">ansible_date_time.iso8601</span> <span class="o">|</span> <span class="nf">to_datetime</span><span class="o">(</span><span class="s1">&#39;%Y-%m-%dT%H:%M:%SZ&#39;</span><span class="o">))</span> <span class="o">)</span><span class="nv">.days</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">How many days until cert expires</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;cert</span><span class="nv"> </span><span class="s">expires</span><span class="nv"> </span><span class="s">in:</span><span class="nv"> </span><span class="cp">{{</span> <span class="nv">expire_days</span> <span class="cp">}}</span><span class="nv"> </span><span class="s">days.&quot;</span>
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span>
<span class="w"> </span><span class="nt">expire_days</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="o">((</span> <span class="nv">cert.not_after</span> <span class="o">|</span> <span class="nf">to_datetime</span><span class="o">(</span><span class="s1">&#39;%Y%m%d%H%M%SZ&#39;</span><span class="o">))</span> <span class="o">-</span> <span class="o">(</span><span class="nv">ansible_date_time.iso8601</span> <span class="o">|</span> <span class="nf">to_datetime</span><span class="o">(</span><span class="s1">&#39;%Y-%m-%dT%H:%M:%SZ&#39;</span><span class="o">))</span> <span class="o">)</span><span class="nv">.days</span> <span class="cp">}}</span><span class="s">&quot;</span>
</pre></div>
</div>
</section>


@@ -534,103 +534,103 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id5">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container (remains unchanged if it already exists)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container (remains unchanged if it already exists)</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container with a passphrase</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container with a passphrase</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container with specific encryption</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">cipher</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;aes&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">hash</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;sha256&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container with specific encryption</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">cipher</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;aes&quot;</span>
<span class="w"> </span><span class="nt">hash</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;sha256&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(Create and) open the LUKS container; name it &quot;mycrypt&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;opened&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(Create and) open the LUKS container; name it &quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;opened&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Close the existing LUKS container &quot;mycrypt&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Close the existing LUKS container &quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure LUKS container exists and is closed</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure LUKS container exists and is closed</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create container if it does not exist and add new key to it</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create container if it does not exist and add new key to it</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add new key to the LUKS container (container has to exist)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add new key to the LUKS container (container has to exist)</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add new passphrase to the LUKS container</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">new_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add new passphrase to the LUKS container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove existing keyfile from the LUKS container</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">remove_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove existing keyfile from the LUKS container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">remove_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove existing passphrase from the LUKS container</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">remove_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove existing passphrase from the LUKS container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">remove_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Completely remove the LUKS container and its contents</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;absent&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Completely remove the LUKS container and its contents</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;absent&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container with label</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">label</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">personalLabelName</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container with label</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">label</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">personalLabelName</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Open the LUKS container based on label without device; name it &quot;mycrypt&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">label</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;personalLabelName&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;opened&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Open the LUKS container based on label without device; name it &quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">label</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;personalLabelName&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;opened&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Close container based on UUID</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">uuid</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">03ecd578-fad4-4e6c-9348-842e3e8fa340</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Close container based on UUID</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">uuid</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">03ecd578-fad4-4e6c-9348-842e3e8fa340</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container using luks2 format</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">luks2</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container using luks2 format</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">luks2</span>
</pre></div>
</div>
</section>


@@ -535,70 +535,70 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id5">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH user certificate that is valid forever and for all users</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span><span class="w"></span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span><span class="w"></span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH user certificate that is valid forever and for all users</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span>
<span class="c1"># Generate an OpenSSH host certificate that is valid for 32 weeks from now and will be regenerated</span><span class="w"></span>
<span class="c1"># if it is valid for less than 2 weeks from the time the module is being run</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH host certificate with valid_from, valid_to and valid_at parameters</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">host</span><span class="w"></span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span><span class="w"></span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+0s</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+32w</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_at</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+2w</span><span class="w"></span>
<span class="w"> </span><span class="nt">ignore_timestamps</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="c1"># Generate an OpenSSH host certificate that is valid for 32 weeks from now and will be regenerated</span>
<span class="c1"># if it is valid for less than 2 weeks from the time the module is being run</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH host certificate with valid_from, valid_to and valid_at parameters</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">host</span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+0s</span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+32w</span>
<span class="w"> </span><span class="nt">valid_at</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">+2w</span>
<span class="w"> </span><span class="nt">ignore_timestamps</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH host certificate that is valid forever and only for example.com and examplehost</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">host</span><span class="w"></span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span><span class="w"></span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span><span class="w"></span>
<span class="w"> </span><span class="nt">principals</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example.com</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">examplehost</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH host certificate that is valid forever and only for example.com and examplehost</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">host</span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span>
<span class="w"> </span><span class="nt">principals</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example.com</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">examplehost</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">host</span><span class="w"></span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span><span class="w"></span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2001-01-21&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2019-01-21&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">host</span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2001-01-21&quot;</span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2019-01-21&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH user Certificate with clear and force-command option</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span><span class="w"></span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span><span class="w"></span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span><span class="w"></span>
<span class="w"> </span><span class="nt">options</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;clear&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;force-command=/tmp/bla/foo&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH user Certificate with clear and force-command option</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/private_key</span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span>
<span class="w"> </span><span class="nt">options</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;clear&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;force-command=/tmp/bla/foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH user certificate using a PKCS#11 token</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span><span class="w"></span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">pkcs11_provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">libpkcs11.so</span><span class="w"></span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH user certificate using a PKCS#11 token</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_cert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
<span class="w"> </span><span class="nt">signing_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_public_key.pub</span>
<span class="w"> </span><span class="nt">pkcs11_provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">libpkcs11.so</span>
<span class="w"> </span><span class="nt">public_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/public_key.pub</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/certificate</span>
<span class="w"> </span><span class="nt">valid_from</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>
<span class="w"> </span><span class="nt">valid_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forever</span>
</pre></div>
</div>
</section>


@@ -473,29 +473,29 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with the default values (4096 bits, rsa)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with the default values (4096 bits, rsa)</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with the default values (4096 bits, rsa) and encrypted private key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span><span class="w"></span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">super_secret_password</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with the default values (4096 bits, rsa) and encrypted private key</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">super_secret_password</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH rsa keypair with a different size (2048 bits)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span><span class="w"></span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH rsa keypair with a different size (2048 bits)</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSH keypair if it already exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">True</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSH keypair if it already exists</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_rsa</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">True</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with a different algorithm (dsa)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_dsa</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dsa</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with a different algorithm (dsa)</span>
<span class="w"> </span><span class="nt">community.crypto.openssh_keypair</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/id_ssh_dsa</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dsa</span>
</pre></div>
</div>
</section>


@@ -257,15 +257,15 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Subject Alt Names of the CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Subject Alt Names of the CSR</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span>
<span class="o">(</span>
<span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/cert.csr&#39;</span><span class="o">)</span>
<span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.openssl_csr_info</span>
<span class="o">)</span><span class="nv">.subject_alt_name</span> <span class="o">|</span> <span class="nf">join</span><span class="o">(</span><span class="s1">&#39;, &#39;</span><span class="o">)</span>
<span class="cp">}}</span><span class="w"></span>
<span class="cp">}}</span>
</pre></div>
</div>
</section>


@@ -303,20 +303,20 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on the CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on the CSR</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span><span class="w"></span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
</pre></div>
</div>
</section>


@@ -863,98 +863,98 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with an inline key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with an inline key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with a passphrase protected private key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with a passphrase protected private key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with Subject information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">country_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">FR</span><span class="w"></span>
<span class="w"> </span><span class="nt">organization_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ansible</span><span class="w"></span>
<span class="w"> </span><span class="nt">email_address</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with Subject information</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">country_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">FR</span>
<span class="w"> </span><span class="nt">organization_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ansible</span>
<span class="w"> </span><span class="nt">email_address</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with subjectAltName extension</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;DNS:www.ansible.com,DNS:m.ansible.com&#39;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with subjectAltName extension</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;DNS:www.ansible.com,DNS:m.ansible.com&#39;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL CSR with subjectAltName extension with dynamic list</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.value</span> <span class="o">|</span> <span class="nf">map</span><span class="o">(</span><span class="s1">&#39;regex_replace&#39;</span><span class="o">,</span> <span class="s1">&#39;^&#39;</span><span class="o">,</span> <span class="s1">&#39;DNS:&#39;</span><span class="o">)</span> <span class="o">|</span> <span class="nf">list</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">with_dict</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dns_server</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">m.ansible.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL CSR with subjectAltName extension with dynamic list</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">item.value</span> <span class="o">|</span> <span class="nf">map</span><span class="o">(</span><span class="s1">&#39;regex_replace&#39;</span><span class="o">,</span> <span class="s1">&#39;^&#39;</span><span class="o">,</span> <span class="s1">&#39;DNS:&#39;</span><span class="o">)</span> <span class="o">|</span> <span class="nf">list</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">with_dict</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dns_server</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">m.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL Certificate Signing Request</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL Certificate Signing Request</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with special key usages</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">key_usage</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">digitalSignature</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keyAgreement</span><span class="w"></span>
<span class="w"> </span><span class="nt">extended_key_usage</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">clientAuth</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with special key usages</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">key_usage</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">digitalSignature</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keyAgreement</span>
<span class="w"> </span><span class="nt">extended_key_usage</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">clientAuth</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with OCSP Must Staple</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">ocsp_must_staple</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with OCSP Must Staple</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">ocsp_must_staple</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request for WinRM Certificate authentication</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/winrm.auth.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/winrm.auth.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"></span>
<span class="w"> </span><span class="nt">extended_key_usage</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">clientAuth</span><span class="w"></span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">otherName:1.3.6.1.4.1.311.20.2.3;UTF8:username@localhost</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request for WinRM Certificate authentication</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/winrm.auth.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/winrm.auth.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span>
<span class="w"> </span><span class="nt">extended_key_usage</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">clientAuth</span>
<span class="w"> </span><span class="nt">subject_alt_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">otherName:1.3.6.1.4.1.311.20.2.3;UTF8:username@localhost</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with a CRL distribution point</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">crl_distribution_points</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">full_name</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;URI:https://ca.example.com/revocations.crl&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">crl_issuer</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;URI:https://ca.example.com/&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">reasons</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">key_compromise</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ca_compromise</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cessation_of_operation</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with a CRL distribution point</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">crl_distribution_points</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">full_name</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;URI:https://ca.example.com/revocations.crl&quot;</span>
<span class="w"> </span><span class="nt">crl_issuer</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;URI:https://ca.example.com/&quot;</span>
<span class="w"> </span><span class="nt">reasons</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">key_compromise</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ca_compromise</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cessation_of_operation</span>
</pre></div>
</div>
</section>


@@ -713,25 +713,25 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.csr</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with an inline CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Store CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result.csr</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result is changed</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with an inline CSR</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Store CSR</span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.csr</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result.csr</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result is changed</span>
</pre></div>
</div>
</section>


@@ -437,19 +437,19 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate Diffie-Hellman parameters with the default size (4096 bits)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_dhparam</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/dhparams.pem</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate Diffie-Hellman parameters with the default size (4096 bits)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_dhparam</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/dhparams.pem</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate DH Parameters with a different size (2048 bits)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_dhparam</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/dhparams.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate DH Parameters with a different size (2048 bits)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_dhparam</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/dhparams.pem</span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an DH parameters if they already exist</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_dhparam</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/dhparams.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an DH parameters if they already exist</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_dhparam</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/dhparams.pem</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</pre></div>
</div>
</section>


@@ -552,72 +552,72 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate PKCS#12 file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/keys/key.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca.pem</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Note that if /opt/certs/ca.pem contains multiple certificates,</span><span class="w"></span>
<span class="w"> </span><span class="c1"># only the first one will be used. See the other_certificates_parse_all</span><span class="w"></span>
<span class="w"> </span><span class="c1"># option for changing this behavior.</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate PKCS#12 file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/keys/key.pem</span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca.pem</span>
<span class="w"> </span><span class="c1"># Note that if /opt/certs/ca.pem contains multiple certificates,</span>
<span class="w"> </span><span class="c1"># only the first one will be used. See the other_certificates_parse_all</span>
<span class="w"> </span><span class="c1"># option for changing this behavior.</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate PKCS#12 file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">private_key_contents</span> <span class="cp">}}</span><span class="s">&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">other_certificates_parse_all</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca_bundle.pem</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># Since we set other_certificates_parse_all to true, all</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># certificates in the CA bundle are included and not just</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># the first one.</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/intermediate.pem</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># In case this file has multiple certificates in it,</span><span class="w"></span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># all will be included as well.</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate PKCS#12 file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">private_key_contents</span> <span class="cp">}}</span><span class="s">&#39;</span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span>
<span class="w"> </span><span class="nt">other_certificates_parse_all</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca_bundle.pem</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># Since we set other_certificates_parse_all to true, all</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># certificates in the CA bundle are included and not just</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># the first one.</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/intermediate.pem</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># In case this file has multiple certificates in it,</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># all will be included as well.</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Change PKCS#12 file permission</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/keys/key.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;0600&#39;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Change PKCS#12 file permission</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/keys/key.pem</span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca.pem</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;0600&#39;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Regen PKCS#12 file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/keys/key.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;0600&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Regen PKCS#12 file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">raclette</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/keys/key.pem</span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/cert.pem</span>
<span class="w"> </span><span class="nt">other_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ca.pem</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;0600&#39;</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump/Parse PKCS#12 file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">parse</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump/Parse PKCS#12 file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span>
<span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">parse</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.pem</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove PKCS#12 file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove PKCS#12 file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_pkcs12</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/opt/certs/ansible.p12</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span>
</pre></div>
</div>
</section>


@@ -413,12 +413,12 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Convert private key to PKCS8 format with passphrase</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_convert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">src_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">private_key_passphrase</span> <span class="cp">}}</span><span class="s">&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pkcs8</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Convert private key to PKCS8 format with passphrase</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_convert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">src_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">dest_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.key</span>
<span class="w"> </span><span class="nt">dest_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">private_key_passphrase</span> <span class="cp">}}</span><span class="s">&#39;</span>
<span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pkcs8</span>
</pre></div>
</div>
</section>


@@ -278,15 +278,15 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Subject Alt Names of the CSR</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Subject Alt Names of the CSR</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span>
<span class="o">(</span>
<span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/cert.csr&#39;</span><span class="o">)</span>
<span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.openssl_privatekey_info</span>
<span class="o">)</span><span class="nv">.subject_alt_name</span> <span class="o">|</span> <span class="nf">join</span><span class="o">(</span><span class="s1">&#39;, &#39;</span><span class="o">)</span>
<span class="cp">}}</span><span class="w"></span>
<span class="cp">}}</span>
</pre></div>
</div>
</section>


@@ -320,18 +320,18 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on generated key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on generated key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
</pre></div>
</div>
</section>


@@ -565,30 +565,30 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA) and a passphrase</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible</span><span class="w"></span>
<span class="w"> </span><span class="nt">cipher</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auto</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA) and a passphrase</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible</span>
<span class="w"> </span><span class="nt">cipher</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auto</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with a different size (2048 bits)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with a different size (2048 bits)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL private key if it already exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL private key if it already exists</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with a different algorithm (DSA)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DSA</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with a different algorithm (DSA)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DSA</span>
</pre></div>
</div>
</section>


@@ -463,33 +463,33 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span><span class="w"></span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show generated key</span><span class="w"></span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">output.privatekey</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># DO NOT OUTPUT KEY MATERIAL TO CONSOLE OR LOGS IN PRODUCTION!</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show generated key</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">output.privatekey</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="c1"># DO NOT OUTPUT KEY MATERIAL TO CONSOLE OR LOGS IN PRODUCTION!</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">block</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update sops-encrypted key with the community.sops collection</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;community.sops.sops&#39;</span><span class="o">,</span> <span class="s1">&#39;private_key.pem.sops&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span><span class="w"></span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">block</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update sops-encrypted key with the community.sops collection</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;community.sops.sops&#39;</span><span class="o">,</span> <span class="s1">&#39;private_key.pem.sops&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2048</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update encrypted key when openssl_privatekey_pipe reported a change</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.sops.sops_encrypt</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private_key.pem.sops</span><span class="w"></span>
<span class="w"> </span><span class="nt">content_text</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">output.privatekey</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output is changed</span><span class="w"></span>
<span class="w"> </span><span class="nt">always</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure that output (which contains the private key) is overwritten</span><span class="w"></span>
<span class="w"> </span><span class="nt">set_fact</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">output</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;&#39;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update encrypted key when openssl_privatekey_pipe reported a change</span>
<span class="w"> </span><span class="nt">community.sops.sops_encrypt</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private_key.pem.sops</span>
<span class="w"> </span><span class="nt">content_text</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">output.privatekey</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output is changed</span>
<span class="w"> </span><span class="nt">always</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure that output (which contains the private key) is overwritten</span>
<span class="w"> </span><span class="nt">set_fact</span><span class="p">:</span>
<span class="w"> </span><span class="nt">output</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;&#39;</span>
</pre></div>
</div>
</section>


@@ -214,15 +214,15 @@
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id4">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the type of a public key</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the type of a public key</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span>
<span class="o">(</span>
<span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/public-key.pem&#39;</span><span class="o">)</span>
<span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.openssl_publickey_info</span>
<span class="o">)</span><span class="nv">.type</span>
<span class="cp">}}</span><span class="w"></span>
<span class="cp">}}</span>
</pre></div>
</div>
</section>


@@ -283,23 +283,23 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL private key with the default values (4096 bits, RSA)</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create public key from private key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/ansible.com.pub</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create public key from private key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/ansible.com.pub</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on public key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/ansible.com.pub</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on public key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/ansible.com.pub</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
</pre></div>
</div>
</section>


@@ -467,38 +467,38 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in PEM format</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in PEM format</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in PEM format from an inline key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in PEM format from an inline key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in OpenSSH v2 format</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">OpenSSH</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key in OpenSSH v2 format</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">OpenSSH</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key with a passphrase protected private key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL public key with a passphrase protected private key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL public key if it already exists</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSL public key if it already exists</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove an OpenSSL public key</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove an OpenSSL public key</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_publickey</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/public/ansible.com.pem</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">absent</span>
</pre></div>
</div>
</section>


@@ -311,23 +311,23 @@ ed448 and ed25519 keys: <code class="docutils literal notranslate"><span class="
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign example file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sig</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign example file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private.key</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sig</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify signature of example file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span><span class="w"></span>
<span class="w"> </span><span class="nt">signature</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sig.signature</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify signature of example file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert.pem</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span>
<span class="w"> </span><span class="nt">signature</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sig.signature</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure the signature is valid</span><span class="w"></span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify.valid</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure the signature is valid</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify.valid</span>
</pre></div>
</div>
</section>


@@ -311,23 +311,23 @@ ed448 and ed25519 keys: <code class="docutils literal notranslate"><span class="
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign example file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sig</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Sign example file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature</span><span class="p">:</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private.key</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sig</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify signature of example file</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span><span class="w"></span>
<span class="w"> </span><span class="nt">signature</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sig.signature</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify signature of example file</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_signature_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert.pem</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/tmp/example_file</span>
<span class="w"> </span><span class="nt">signature</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">sig.signature</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure the signature is valid</span><span class="w"></span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify.valid</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure the signature is valid</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify.valid</span>
</pre></div>
</div>
</section>


@@ -201,11 +201,11 @@
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id3">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print all CA certificates</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">item</span> <span class="cp">}}</span><span class="s">&#39;</span><span class="w"></span>
<span class="w"> </span><span class="nt">loop</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span><span class="w"></span>
<span class="w"> </span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/ca-bundle.pem&#39;</span><span class="o">)</span> <span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.split_pem</span> <span class="cp">}}</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print all CA certificates</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;</span><span class="cp">{{</span> <span class="nv">item</span> <span class="cp">}}</span><span class="s">&#39;</span>
<span class="w"> </span><span class="nt">loop</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/ca-bundle.pem&#39;</span><span class="o">)</span> <span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.split_pem</span> <span class="cp">}}</span>
</pre></div>
</div>
</section>


@@ -257,15 +257,15 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Subject Alt Names of the certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Subject Alt Names of the certificate</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span>
<span class="o">(</span>
<span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/cert.pem&#39;</span><span class="o">)</span>
<span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.x509_certificate_info</span>
<span class="o">)</span><span class="nv">.subject_alt_name</span> <span class="o">|</span> <span class="nf">join</span><span class="o">(</span><span class="s1">&#39;, &#39;</span><span class="o">)</span>
<span class="cp">}}</span><span class="w"></span>
<span class="cp">}}</span>
</pre></div>
</div>
</section>


@@ -324,44 +324,44 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span>
<span class="c1"># Get information on the certificate</span><span class="w"></span>
<span class="c1"># Get information on the certificate</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on generated certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on generated certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="c1"># Check whether the certificate is valid or not valid at certain times, fail</span><span class="w"></span>
<span class="c1"># if this is not the case. The first task (x509_certificate_info) collects</span><span class="w"></span>
<span class="c1"># the information, and the second task (assert) validates the result and</span><span class="w"></span>
<span class="c1"># makes the playbook fail in case something is not as expected.</span><span class="w"></span>
<span class="c1"># Check whether the certificate is valid or not valid at certain times, fail</span>
<span class="c1"># if this is not the case. The first task (x509_certificate_info) collects</span>
<span class="c1"># the information, and the second task (assert) validates the result and</span>
<span class="c1"># makes the playbook fail in case something is not as expected.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Test whether that certificate is valid tomorrow and/or in three weeks</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_at</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">point_1</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+1d&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">point_2</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+3w&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Test whether that certificate is valid tomorrow and/or in three weeks</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">valid_at</span><span class="p">:</span>
<span class="w"> </span><span class="nt">point_1</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+1d&quot;</span>
<span class="w"> </span><span class="nt">point_2</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+3w&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Validate that certificate is valid tomorrow, but not in three weeks</span><span class="w"></span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.valid_at.point_1</span><span class="w"> </span><span class="c1"># valid in one day</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">not result.valid_at.point_2</span><span class="w"> </span><span class="c1"># not valid in three weeks</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Validate that certificate is valid tomorrow, but not in three weeks</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.valid_at.point_1</span><span class="w"> </span><span class="c1"># valid in one day</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">not result.valid_at.point_2</span><span class="w"> </span><span class="c1"># not valid in three weeks</span>
</pre></div>
</div>
</section>


@@ -869,114 +869,114 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL certificate signed with your own CA certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible_CA.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible_CA.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL certificate signed with your own CA certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">ownca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible_CA.crt</span>
<span class="w"> </span><span class="nt">ownca_privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible_CA.pem</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Let&#39;s Encrypt Certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">acme</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_accountkey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_challenge_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/challenges/ansible.com/</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Let&#39;s Encrypt Certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">acme</span>
<span class="w"> </span><span class="nt">acme_accountkey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">acme_challenge_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/challenges/ansible.com/</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force (re-)generate a new Let&#39;s Encrypt Certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">acme</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_accountkey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">acme_challenge_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/challenges/ansible.com/</span><span class="w"></span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force (re-)generate a new Let&#39;s Encrypt Certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">acme</span>
<span class="w"> </span><span class="nt">acme_accountkey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">acme_challenge_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/challenges/ansible.com/</span>
<span class="w"> </span><span class="nt">force</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an Entrust certificate via the Entrust Certificate Services (ECS) API</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">entrust</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_cert_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">STANDARD_SSL</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-key.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">entrust_api_specification_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/api-docs/cms-api-2.1.0.yaml</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an Entrust certificate via the Entrust Certificate Services (ECS) API</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">entrust</span>
<span class="w"> </span><span class="nt">entrust_requester_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Jo Doe</span>
<span class="w"> </span><span class="nt">entrust_requester_email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jdoe@ansible.com</span>
<span class="w"> </span><span class="nt">entrust_requester_phone</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">555-555-5555</span>
<span class="w"> </span><span class="nt">entrust_cert_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">STANDARD_SSL</span>
<span class="w"> </span><span class="nt">entrust_api_user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apiusername</span>
<span class="w"> </span><span class="nt">entrust_api_key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a^lv*32!cd9LnT</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-client.crt</span>
<span class="w"> </span><span class="nt">entrust_api_client_cert_key_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/ecs-key.crt</span>
<span class="w"> </span><span class="nt">entrust_api_specification_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/entrust/api-docs/cms-api-2.1.0.yaml</span>
<span class="c1"># The following example shows how to emulate the behavior of the removed</span><span class="w"></span>
<span class="c1"># &quot;assertonly&quot; provider with the x509_certificate_info, openssl_csr_info,</span><span class="w"></span>
<span class="c1"># openssl_privatekey_info and assert modules:</span><span class="w"></span>
<span class="c1"># The following example shows how to emulate the behavior of the removed</span>
<span class="c1"># &quot;assertonly&quot; provider with the x509_certificate_info, openssl_csr_info,</span>
<span class="c1"># openssl_privatekey_info and assert modules:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get certificate information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="c1"># for valid_at, invalid_at and valid_in</span><span class="w"></span>
<span class="w"> </span><span class="nt">valid_at</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">one_day_ten_hours</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+1d10h&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">fixed_timestamp</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20200331202428Z</span><span class="w"></span>
<span class="w"> </span><span class="nt">ten_seconds</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+10&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get certificate information</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/ansible.com.crt</span>
<span class="w"> </span><span class="c1"># for valid_at, invalid_at and valid_in</span>
<span class="w"> </span><span class="nt">valid_at</span><span class="p">:</span>
<span class="w"> </span><span class="nt">one_day_ten_hours</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+1d10h&quot;</span>
<span class="w"> </span><span class="nt">fixed_timestamp</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20200331202428Z</span>
<span class="w"> </span><span class="nt">ten_seconds</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+10&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get CSR information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Verifies that the CSR signature is valid; module will fail if not</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result_csr</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get CSR information</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr_info</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># Verifies that the CSR signature is valid; module will fail if not</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result_csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get private key information</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result_privatekey</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get private key information</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.key</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result_privatekey</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">assert</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="c1"># When private key was specified for assertonly, this was checked:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.public_key == result_privatekey.public_key</span><span class="w"></span>
<span class="w"> </span><span class="c1"># When CSR was specified for assertonly, this was checked:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.public_key == result_csr.public_key</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.subject_ordered == result_csr.subject_ordered</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.extensions_by_oid == result_csr.extensions_by_oid</span><span class="w"></span>
<span class="w"> </span><span class="c1"># signature_algorithms check</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.signature_algorithm</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;sha256WithRSAEncryption&#39;</span><span class="nv"> </span><span class="s">or</span><span class="nv"> </span><span class="s">result.signature_algorithm</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;sha512WithRSAEncryption&#39;&quot;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># subject and subject_strict</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.subject.commonName</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;ansible.com&#39;&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.subject</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span><span class="w"></span>
<span class="w"> </span><span class="c1"># issuer and issuer_strict</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.issuer.commonName</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;ansible.com&#39;&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.issuer</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span><span class="w"></span>
<span class="w"> </span><span class="c1"># has_expired</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">not result.expired</span><span class="w"></span>
<span class="w"> </span><span class="c1"># version</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.version == 3</span><span class="w"></span>
<span class="w"> </span><span class="c1"># key_usage and key_usage_strict</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;&#39;Data</span><span class="nv"> </span><span class="s">Encipherment&#39;</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">result.key_usage&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.key_usage</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span><span class="w"></span>
<span class="w"> </span><span class="c1"># extended_key_usage and extended_key_usage_strict</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;&#39;DVCS&#39;</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">result.extended_key_usage&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.extended_key_usage</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span><span class="w"></span>
<span class="w"> </span><span class="c1"># subject_alt_name and subject_alt_name_strict</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;&#39;dns:ansible.com&#39;</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">result.subject_alt_name&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.subject_alt_name</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span><span class="w"></span>
<span class="w"> </span><span class="c1"># not_before and not_after</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.not_before</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;20190331202428Z&#39;&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.not_after</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;20190413202428Z&#39;&quot;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># valid_at, invalid_at and valid_in</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.valid_at.one_day_ten_hours&quot;</span><span class="w"> </span><span class="c1"># for valid_at</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;not</span><span class="nv"> </span><span class="s">result.valid_at.fixed_timestamp&quot;</span><span class="w"> </span><span class="c1"># for invalid_at</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.valid_at.ten_seconds&quot;</span><span class="w"> </span><span class="c1"># for valid_in</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># When private key was specified for assertonly, this was checked:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.public_key == result_privatekey.public_key</span>
<span class="w"> </span><span class="c1"># When CSR was specified for assertonly, this was checked:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.public_key == result_csr.public_key</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.subject_ordered == result_csr.subject_ordered</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.extensions_by_oid == result_csr.extensions_by_oid</span>
<span class="w"> </span><span class="c1"># signature_algorithms check</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.signature_algorithm</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;sha256WithRSAEncryption&#39;</span><span class="nv"> </span><span class="s">or</span><span class="nv"> </span><span class="s">result.signature_algorithm</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;sha512WithRSAEncryption&#39;&quot;</span>
<span class="w"> </span><span class="c1"># subject and subject_strict</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.subject.commonName</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;ansible.com&#39;&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.subject</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span>
<span class="w"> </span><span class="c1"># issuer and issuer_strict</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.issuer.commonName</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;ansible.com&#39;&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.issuer</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span>
<span class="w"> </span><span class="c1"># has_expired</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">not result.expired</span>
<span class="w"> </span><span class="c1"># version</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.version == 3</span>
<span class="w"> </span><span class="c1"># key_usage and key_usage_strict</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;&#39;Data</span><span class="nv"> </span><span class="s">Encipherment&#39;</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">result.key_usage&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.key_usage</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span>
<span class="w"> </span><span class="c1"># extended_key_usage and extended_key_usage_strict</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;&#39;DVCS&#39;</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">result.extended_key_usage&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.extended_key_usage</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span>
<span class="w"> </span><span class="c1"># subject_alt_name and subject_alt_name_strict</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;&#39;dns:ansible.com&#39;</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">result.subject_alt_name&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.subject_alt_name</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">1&quot;</span><span class="w"> </span><span class="c1"># the number must be the number of entries you check for</span>
<span class="w"> </span><span class="c1"># not_before and not_after</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.not_before</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;20190331202428Z&#39;&quot;</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.not_after</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">&#39;20190413202428Z&#39;&quot;</span>
<span class="w"> </span><span class="c1"># valid_at, invalid_at and valid_in</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.valid_at.one_day_ten_hours&quot;</span><span class="w"> </span><span class="c1"># for valid_at</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;not</span><span class="nv"> </span><span class="s">result.valid_at.fixed_timestamp&quot;</span><span class="w"> </span><span class="c1"># for invalid_at</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;result.valid_at.ten_seconds&quot;</span><span class="w"> </span><span class="c1"># for valid_in</span>
</pre></div>
</div>
</section>


@@ -687,65 +687,65 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print the certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.certificate</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">selfsigned</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">csr_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.csr</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print the certificate</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.certificate</span>
<span class="c1"># In the following example, both CSR and certificate file are stored on the</span><span class="w"></span>
<span class="c1"># machine where ansible-playbook is executed, while the OwnCA data (certificate,</span><span class="w"></span>
<span class="c1"># private key) are stored on the remote machine.</span><span class="w"></span>
<span class="c1"># In the following example, both CSR and certificate file are stored on the</span>
<span class="c1"># machine where ansible-playbook is executed, while the OwnCA data (certificate,</span>
<span class="c1"># private key) are stored on the remote machine.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(1/2) Generate an OpenSSL Certificate with the CSR provided inline</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.crt&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hunter2</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(1/2) Generate an OpenSSL Certificate with the CSR provided inline</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.crt&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">ownca_cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.crt</span>
<span class="w"> </span><span class="nt">ownca_privatekey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.key</span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hunter2</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(2/2) Store certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result is changed</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(2/2) Store certificate</span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.crt</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result is changed</span>
<span class="c1"># In the following example, the certificate from another machine is signed by</span><span class="w"></span>
<span class="c1"># our OwnCA whose private key and certificate are only available on this</span><span class="w"></span>
<span class="c1"># machine (where ansible-playbook is executed), without having to write</span><span class="w"></span>
<span class="c1"># the certificate file to disk on localhost. The CSR could have been</span><span class="w"></span>
<span class="c1"># provided by community.crypto.openssl_csr_pipe earlier, or also have been</span><span class="w"></span>
<span class="c1"># read from the remote machine.</span><span class="w"></span>
<span class="c1"># In the following example, the certificate from another machine is signed by</span>
<span class="c1"># our OwnCA whose private key and certificate are only available on this</span>
<span class="c1"># machine (where ansible-playbook is executed), without having to write</span>
<span class="c1"># the certificate file to disk on localhost. The CSR could have been</span>
<span class="c1"># provided by community.crypto.openssl_csr_pipe earlier, or also have been</span>
<span class="c1"># read from the remote machine.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(1/3) Read certificate&#39;s contents from remote machine</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.slurp</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_content</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(1/3) Read certificate&#39;s contents from remote machine</span>
<span class="w"> </span><span class="nt">ansible.builtin.slurp</span><span class="p">:</span>
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate_content</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(2/3) Generate an OpenSSL Certificate with the CSR provided inline</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate_content.content</span> <span class="o">|</span> <span class="nf">b64decode</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">the_csr</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.key</span><span class="w"></span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hunter2</span><span class="w"></span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(2/3) Generate an OpenSSL Certificate with the CSR provided inline</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate_content.content</span> <span class="o">|</span> <span class="nf">b64decode</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">the_csr</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">ownca_cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.crt</span>
<span class="w"> </span><span class="nt">ownca_privatekey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.key</span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hunter2</span>
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(3/3) Store certificate</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.crt</span><span class="w"></span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result is changed</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(3/3) Store certificate</span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com.crt</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result.certificate</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result is changed</span>
</pre></div>
</div>
</section>


@@ -270,15 +270,15 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Organization Name of the CRL&#39;s subject</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show the Organization Name of the CRL&#39;s subject</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span>
<span class="o">(</span>
<span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/path/to/cert.pem&#39;</span><span class="o">)</span>
<span class="o">|</span> <span class="nf">community</span><span class="nv">.crypto.x509_crl_info</span>
<span class="o">)</span><span class="nv">.issuer.organizationName</span>
<span class="cp">}}</span><span class="w"></span>
<span class="cp">}}</span>
</pre></div>
</div>
</section>


@@ -310,20 +310,20 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id7">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on CRL</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_crl_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/my-ca.crl</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on CRL</span>
<span class="w"> </span><span class="nt">community.crypto.x509_crl_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/my-ca.crl</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print the information</span><span class="w"></span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print the information</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">result</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on CRL without list of revoked certificates</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_crl_info</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/very-large.crl</span><span class="w"></span>
<span class="w"> </span><span class="nt">list_revoked_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get information on CRL without list of revoked certificates</span>
<span class="w"> </span><span class="nt">community.crypto.x509_crl_info</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/very-large.crl</span>
<span class="w"> </span><span class="nt">list_revoked_certificates</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
</pre></div>
</div>
</section>


@@ -645,25 +645,25 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id6">Examples</a><a class="headerlink" href="#examples" title="Permalink to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a CRL</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.crypto.x509_crl</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/my-ca.crl</span><span class="w"></span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/my-ca.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">issuer</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">CN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">My CA</span><span class="w"></span>
<span class="w"> </span><span class="nt">last_update</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+0s&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">next_update</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+7d&quot;</span><span class="w"></span>
<span class="w"> </span><span class="nt">revoked_certificates</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">serial_number</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1234</span><span class="w"></span>
<span class="w"> </span><span class="nt">revocation_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20190331202428Z</span><span class="w"></span>
<span class="w"> </span><span class="nt">issuer</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">CN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">My CA</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">serial_number</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2345</span><span class="w"></span>
<span class="w"> </span><span class="nt">revocation_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20191013152910Z</span><span class="w"></span>
<span class="w"> </span><span class="nt">reason</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">affiliation_changed</span><span class="w"></span>
<span class="w"> </span><span class="nt">invalidity_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20191001000000Z</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/revoked-cert.pem</span><span class="w"></span>
<span class="w"> </span><span class="nt">revocation_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20191010010203Z</span><span class="w"></span>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate a CRL</span>
<span class="w"> </span><span class="nt">community.crypto.x509_crl</span><span class="p">:</span>
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/my-ca.crl</span>
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/my-ca.pem</span>
<span class="w"> </span><span class="nt">issuer</span><span class="p">:</span>
<span class="w"> </span><span class="nt">CN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">My CA</span>
<span class="w"> </span><span class="nt">last_update</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+0s&quot;</span>
<span class="w"> </span><span class="nt">next_update</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;+7d&quot;</span>
<span class="w"> </span><span class="nt">revoked_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">serial_number</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1234</span>
<span class="w"> </span><span class="nt">revocation_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20190331202428Z</span>
<span class="w"> </span><span class="nt">issuer</span><span class="p">:</span>
<span class="w"> </span><span class="nt">CN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">My CA</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">serial_number</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2345</span>
<span class="w"> </span><span class="nt">revocation_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20191013152910Z</span>
<span class="w"> </span><span class="nt">reason</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">affiliation_changed</span>
<span class="w"> </span><span class="nt">invalidity_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20191001000000Z</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/crt/revoked-cert.pem</span>
<span class="w"> </span><span class="nt">revocation_date</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20191010010203Z</span>
</pre></div>
</div>
</section>