diff --git a/branch/main/_static/antsibull-minimal.css b/branch/main/_static/antsibull-minimal.css index ebc82d80..3b17984c 100644 --- a/branch/main/_static/antsibull-minimal.css +++ b/branch/main/_static/antsibull-minimal.css @@ -1,3 +1,3 @@ @charset "UTF-8"; /* Copyright (c) Ansible and contributors */ -/* GNU General Public License v3.0+ (see https://www.gnu.org/licenses/gpl-3.0.txt) */.ansible-links{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:start;-webkit-justify-content:flex-start;-ms-flex-pack:start;justify-content:flex-start;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap}.ansible-links>a{padding:4px 12px;margin:2px 4px;cursor:pointer;border-radius:3px;background-color:#5bbdbf;color:#fff}.ansible-links>a:active,.ansible-links>a:focus,.ansible-links>a:hover{background-color:#91d9db}.ansible-links>a:focus{outline:3px solid #204748}table.documentation-table{border-bottom:1px solid #000;border-right:1px solid #000}table.documentation-table th{background-color:#6ab0de}table.documentation-table td,table.documentation-table th{padding:4px;border-left:1px solid #000;border-top:1px solid #000}table.documentation-table td.elbow-placeholder{border-top:0;width:30px;min-width:30px}table.documentation-table td{vertical-align:top}table.documentation-table td:first-child{white-space:nowrap}table.documentation-table tr .ansibleOptionLink{display:inline-block}table.documentation-table tr .ansibleOptionLink:after{content:"🔗";opacity:0}table.documentation-table tr:hover .ansibleOptionLink:after{opacity:1}table.documentation-table tr:nth-child(odd){background-color:#fff}table.documentation-table tr:nth-child(2n){background-color:#e7f2fa}table.ansible-option-table{display:table;border-color:#000!important;height:1px}table.ansible-option-table tr{height:100%}table.ansible-option-table td,table.ansible-option-table th{border-color:#000!important;border-bottom:none!important;vertical-align:top!important}table.ansible-option-table th>p{font-size:medium!important}table.ansible-option-table thead tr{background-color:#6ab0de}table.ansible-option-table tbody .row-odd td{background-color:#fff!important}table.ansible-option-table tbody .row-even td{background-color:#e7f2fa!important}table.ansible-option-table ul>li>p{margin:0!important}table.ansible-option-table ul>li>div[class^=highlight]{margin-bottom:4px!important}table.ansible-option-table p.ansible-option-title{display:inline}table.ansible-option-table .ansible-option-type-line{font-size:small;margin-bottom:0}table.ansible-option-table .ansible-option-elements,table.ansible-option-table .ansible-option-type{color:purple}table.ansible-option-table .ansible-option-required{color:red}table.ansible-option-table .ansible-option-versionadded{font-style:italic;font-size:small;color:#006400}table.ansible-option-table .ansible-option-aliases{color:#006400;white-space:normal}table.ansible-option-table .ansible-option-line{margin-top:8px}table.ansible-option-table .ansible-option-choices{font-weight:700}table.ansible-option-table .ansible-option-choices-default-mark,table.ansible-option-table .ansible-option-default{color:#00f}table.ansible-option-table .ansible-option-default-bold{color:#00f;font-weight:700}table.ansible-option-table .ansible-option-returned-bold{font-weight:700}table.ansible-option-table .ansible-option-sample{color:#00f;word-wrap:break-word;word-break:break-all}table.ansible-option-table .ansible-option-sample-bold{color:#000;font-weight:700}table.ansible-option-table .ansible-option-configuration{font-weight:700}table.ansible-option-table .ansibleOptionLink{display:inline-block}table.ansible-option-table .ansibleOptionLink:after{content:"🔗";opacity:0}table.ansible-option-table p{margin:0 0 8px}table.ansible-option-table tr:hover .ansibleOptionLink:after{opacity:1}table.ansible-option-table td{padding:0!important;white-space:normal}table.ansible-option-table td>div.ansible-option-cell{padding:8px 16px;border-top:1px solid #000}table.ansible-option-table td:first-child{height:inherit;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row}table.ansible-option-table td:first-child>div.ansible-option-cell{height:inherit;-webkit-box-flex:1;-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;white-space:nowrap;max-width:100%}table.ansible-option-table .ansible-option-indent{margin-left:2em;border-right:1px solid #000}table.ansible-option-table .ansible-attribute-support-label{display:none}table.ansible-option-table .ansible-attribute-support-label,table.ansible-option-table .ansible-attribute-support-property{font-weight:700}table.ansible-option-table .ansible-attribute-support-none{font-weight:700;color:red}table.ansible-option-table .ansible-attribute-support-partial{font-weight:700;color:#a5a500}table.ansible-option-table .ansible-attribute-support-full{font-weight:700;color:green}table.ansible-option-table .ansible-attribute-details{font-style:italic}@media (max-width:1200px){table.ansible-option-table{display:block;height:unset;border:none!important}table.ansible-option-table thead{display:none}table.ansible-option-table tbody,table.ansible-option-table td,table.ansible-option-table tr{display:block;border:none!important}table.ansible-option-table tbody .row-even td,table.ansible-option-table tbody .row-odd td{background-color:unset!important}table.ansible-option-table td>div.ansible-option-cell{border-top:none}table.ansible-option-table td:first-child>div.ansible-option-cell{background-color:#e7f2fa!important}table.ansible-option-table td:not(:first-child){display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row}table.ansible-option-table td:not(:first-child)>div.ansible-option-cell{margin-left:1em}table.ansible-option-table .ansible-option-indent,table.ansible-option-table .ansible-option-indent-desc{margin-left:1em;border:none;border-right:3px solid #e7f2fa}table.ansible-option-table .ansible-attribute-support-label{display:unset}}.ansible-version-added{font-style:italic}.ansible-option-value a.reference.external,.ansible-option-value a.reference.external:hover,.ansible-option-value a.reference.internal,.ansible-option-value a.reference.internal:hover,.ansible-option a.reference.external,.ansible-option a.reference.external:hover,.ansible-option a.reference.internal,.ansible-option a.reference.internal:hover,.ansible-return-value a.reference.external,.ansible-return-value a.reference.external:hover,.ansible-return-value a.reference.internal,.ansible-return-value a.reference.internal:hover{color:unset} \ No newline at end of file +/* GNU General Public License v3.0+ (see https://www.gnu.org/licenses/gpl-3.0.txt) */.ansible-links{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:start;-webkit-justify-content:flex-start;-ms-flex-pack:start;justify-content:flex-start;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap}.ansible-links>*{margin:2px 4px!important}.ansible-links>li{list-style:none!important}.ansible-links>li>p{display:inline}.ansible-links a{display:block;padding:4px 12px;cursor:pointer;border-radius:3px;background-color:#5bbdbf;color:#fff}.ansible-links a:active,.ansible-links a:focus,.ansible-links a:hover{background-color:#91d9db}.ansible-links a:focus{outline:3px solid #204748}table.documentation-table{border-bottom:1px solid #000;border-right:1px solid #000}table.documentation-table th{background-color:#6ab0de}table.documentation-table td,table.documentation-table th{padding:4px;border-left:1px solid #000;border-top:1px solid #000}table.documentation-table td.elbow-placeholder{border-top:0;width:30px;min-width:30px}table.documentation-table td{vertical-align:top}table.documentation-table td:first-child{white-space:nowrap}table.documentation-table tr .ansibleOptionLink{display:inline-block}table.documentation-table tr .ansibleOptionLink:after{content:"🔗";opacity:0}table.documentation-table tr:hover .ansibleOptionLink:after{opacity:1}table.documentation-table tr:nth-child(odd){background-color:#fff}table.documentation-table tr:nth-child(2n){background-color:#e7f2fa}table.ansible-option-table{display:table;border-color:#000!important;height:1px}table.ansible-option-table tr{height:100%}table.ansible-option-table td,table.ansible-option-table th{border-color:#000!important;border-bottom:none!important;vertical-align:top!important}table.ansible-option-table th>p{font-size:medium!important}table.ansible-option-table thead tr{background-color:#6ab0de}table.ansible-option-table tbody .row-odd td{background-color:#fff!important}table.ansible-option-table tbody .row-even td{background-color:#e7f2fa!important}table.ansible-option-table ul>li>p{margin:0!important}table.ansible-option-table ul>li>div[class^=highlight]{margin-bottom:4px!important}table.ansible-option-table p.ansible-option-title{display:inline}table.ansible-option-table .ansible-option-type-line{font-size:small;margin-bottom:0}table.ansible-option-table .ansible-option-elements,table.ansible-option-table .ansible-option-type{color:purple}table.ansible-option-table .ansible-option-required{color:red}table.ansible-option-table .ansible-option-versionadded{font-size:small;color:#006400}table.ansible-option-table .ansible-option-aliases{color:#006400;white-space:normal}table.ansible-option-table .ansible-option-line{margin-top:8px}table.ansible-option-table .ansible-option-choices-default-mark,table.ansible-option-table .ansible-option-default,table.ansible-option-table .ansible-option-default-bold{color:#00f}table.ansible-option-table .ansible-option-sample{color:#00f;word-wrap:break-word;word-break:break-all}table.ansible-option-table .ansible-option-sample-bold{color:#000}table.ansible-option-table .ansible-attribute-support-none{color:red}table.ansible-option-table .ansible-attribute-support-partial{color:#a5a500}table.ansible-option-table .ansible-attribute-support-full{color:green}table.ansible-option-table .ansibleOptionLink{display:inline-block}table.ansible-option-table .ansibleOptionLink:after{content:"🔗";opacity:0}table.ansible-option-table p{margin:0 0 8px}table.ansible-option-table tr:hover .ansibleOptionLink:after{opacity:1}table.ansible-option-table td{padding:0!important;white-space:normal}table.ansible-option-table td>div.ansible-option-cell{padding:8px 16px;border-top:1px solid #000}table.ansible-option-table td:first-child{height:inherit;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row}table.ansible-option-table td:first-child>div.ansible-option-cell{height:inherit;-webkit-box-flex:1;-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;white-space:nowrap;max-width:100%}table.ansible-option-table .ansible-option-indent{margin-left:2em;border-right:1px solid #000}table.ansible-option-table .ansible-attribute-support-label{display:none}@media (max-width:1200px){table.ansible-option-table{display:block;height:unset;border:none!important}table.ansible-option-table thead{display:none}table.ansible-option-table tbody,table.ansible-option-table td,table.ansible-option-table tr{display:block;border:none!important}table.ansible-option-table tbody .row-even td,table.ansible-option-table tbody .row-odd td{background-color:unset!important}table.ansible-option-table td>div.ansible-option-cell{border-top:none}table.ansible-option-table td:first-child>div.ansible-option-cell{background-color:#e7f2fa!important}table.ansible-option-table td:not(:first-child){display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row}table.ansible-option-table td:not(:first-child)>div.ansible-option-cell{margin-left:1em}table.ansible-option-table .ansible-option-indent,table.ansible-option-table .ansible-option-indent-desc{margin-left:1em;border:none;border-right:3px solid #e7f2fa}table.ansible-option-table .ansible-attribute-support-label{display:unset}}.ansible-version-added{font-style:italic}.ansible-option-value a.reference.external,.ansible-option-value a.reference.external:hover,.ansible-option-value a.reference.internal,.ansible-option-value a.reference.internal:hover,.ansible-option a.reference.external,.ansible-option a.reference.external:hover,.ansible-option a.reference.internal,.ansible-option a.reference.internal:hover,.ansible-return-value a.reference.external,.ansible-return-value a.reference.external:hover,.ansible-return-value a.reference.internal,.ansible-return-value a.reference.internal:hover{color:unset} \ No newline at end of file diff --git a/branch/main/acme_account_facts_module.html b/branch/main/acme_account_facts_module.html index 4cae2b9f..ec8a3e27 100644 --- a/branch/main/acme_account_facts_module.html +++ b/branch/main/acme_account_facts_module.html @@ -2,6 +2,7 @@ + community.crypto.acme_account_facts — Community.Crypto Collection documentation diff --git a/branch/main/acme_account_info_module.html b/branch/main/acme_account_info_module.html index b112f789..323ffdf5 100644 --- a/branch/main/acme_account_info_module.html +++ b/branch/main/acme_account_info_module.html @@ -2,6 +2,7 @@ + community.crypto.acme_account_info module – Retrieves information on ACME accounts — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

Note

This module is part of the community.crypto collection (version 2.16.0).

+

It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

@@ -206,7 +209,7 @@ see

Parameters

- +
@@ -227,7 +230,7 @@ see @@ -340,7 +343,7 @@ see

Attributes

-

Parameter

Comments

account_key_passphrase

string

-

added in community.crypto 1.6.0

+

added in community.crypto 1.6.0

Phassphrase to use to decode the account key.

Note: this is not supported by the openssl backend, only by the cryptography backend.

@@ -273,7 +276,7 @@ see

The ACME version of the endpoint.

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

-

Choices:

+

Choices:

request_timeout

integer

-

added in community.crypto 2.3.0

+

added in community.crypto 2.3.0

The time Ansible should wait for a response from the ACME API.

This timeout is applied to all HTTP(S) requests (HEAD, GET, POST).

-

Default: 10

+

Default: 10
@@ -298,9 +301,9 @@ see ignore will not fetch the list of orders.

If the value is not ignore and the ACME server supports orders, the order_uris return value is always populated. The orders return value is only returned if this option is set to object_list.

Currently, Let’s Encrypt does not return orders, so the orders result will always be empty.

-

Choices:

+

Choices:

    -

  • "ignore" ← (default)

    • +

  • "ignore" ← (default)

  • "url_list"

  • "object_list"

@@ -314,9 +317,9 @@ see auto, which tries to use cryptography if available, and falls back to openssl.

If set to openssl, will try to use the openssl binary.

If set to cryptography, will try to use the cryptography library.

-

Choices:

+

Choices:

    -

  • "auto" ← (default)

    • +

  • "auto" ← (default)

  • "cryptography"

  • "openssl"

@@ -328,10 +331,10 @@ see

Whether calls to the ACME directory will validate TLS certificates.

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

-

Choices:

+

Choices:

  • false

    • -

  • true ← (default)

    • +

  • true ← (default)
+
@@ -351,7 +354,7 @@ see - @@ -359,7 +362,7 @@ see - -

Attribute

Support

action_group

Action groups: community.crypto.acme, acme

+

Action groups: community.crypto.acme, acme

Use group/acme or group/community.crypto.acme in module_defaults to set defaults for this module.

check_mode

Support: full

+

Support: full

This action does not modify state.

Can run in check_mode and return changed status prediction without modifying target.

@@ -368,7 +371,7 @@ see

diff_mode

Support: N/A

+

Support: N/A

This action does not modify state.

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

@@ -435,7 +438,7 @@ see

Return Values

Common return values are documented here, the following are the fields unique to this module:

- +
@@ -447,7 +450,7 @@ see

dictionary

Key

Description

The account information, as retrieved from the ACME server.

-

Returned: if account exists

+

Returned: if account exists
@@ -455,8 +458,8 @@ see

list / elements=string

the challenge resource that must be created for validation

-

Returned: always

-

Sample: ["mailto:me@example.com", "tel:00123456789"]

+

Returned: always

+

Sample: ["mailto:me@example.com", "tel:00123456789"]
@@ -465,8 +468,8 @@ see

A URL where a list of orders can be retrieved for this account.

Use the retrieve_orders option to query this URL and retrieve the complete list of orders.

-

Returned: always

-

Sample: "https://example.ca/account/1/orders"

+

Returned: always

+

Sample: "https://example.ca/account/1/orders"
@@ -474,8 +477,8 @@ see

string

the public account key as a JSON Web Key.

-

Returned: always

-

Sample: "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x\":\"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4\",\"y\":\"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM\"}"

+

Returned: always

+

Sample: "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x\":\"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4\",\"y\":\"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM\"}"
@@ -483,14 +486,14 @@ see

string

the account’s status

-

Returned: always

-

Can only return:

+

Returned: always

+

Can only return:

  • "valid"

  • "deactivated"

  • "revoked"

-

Sample: "valid"

+

Sample: "valid"
@@ -498,7 +501,7 @@ see

string

ACME account URI, or None if account does not exist.

-

Returned: always

+

Returned: always
@@ -506,18 +509,18 @@ see

boolean

Whether the account exists.

-

Returned: always

+

Returned: always

order_uris

list / elements=string

-

added in community.crypto 1.5.0

+

added in community.crypto 1.5.0

The list of orders.

If retrieve_orders is url_list, this will be a list of URLs.

If retrieve_orders is object_list, this will be a list of objects.

-

Returned: if account exists, retrieve_orders is not ignore, and server supports order listing

+

Returned: if account exists, retrieve_orders is not ignore, and server supports order listing
@@ -525,7 +528,7 @@ see

list / elements=dictionary

The list of orders.

-

Returned: if account exists, retrieve_orders is object_list, and server supports order listing

+

Returned: if account exists, retrieve_orders is object_list, and server supports order listing
@@ -533,7 +536,7 @@ see

list / elements=string

A list of URLs for authorizations for this order.

-

Returned: success

+

Returned: success
@@ -541,7 +544,7 @@ see

string

The URL for retrieving the certificate.

-

Returned: when certificate was issued

+

Returned: when certificate was issued
@@ -550,7 +553,7 @@ see

In case an error occurred during processing, this contains information about the error.

The field is structured as a problem document (RFC7807).

-

Returned: when an error occurred

+

Returned: when an error occurred
@@ -560,7 +563,7 @@ see

When the order expires.

Timestamp should be formatted as described in RFC3339.

Only required to be included in result when orders[].status is pending or valid.

-

Returned: when server gives expiry date

+

Returned: when server gives expiry date
@@ -568,7 +571,7 @@ see

string

A URL used for finalizing an ACME order.

-

Returned: success

+

Returned: success
@@ -576,7 +579,7 @@ see

list / elements=dictionary

List of identifiers this order is for.

-

Returned: success

+

Returned: success
@@ -584,8 +587,8 @@ see

string

Type of identifier.

-

Returned: success

-

Can only return:

+

Returned: success

+

Can only return:

  • "dns"

  • "ip"

    • @@ -597,7 +600,7 @@ see

    string

Name of identifier. Hostname or IP address.

-

Returned: success

+

Returned: success
@@ -605,7 +608,7 @@ see

boolean

Whether orders[].identifiers[].value is actually a wildcard. The wildcard prefix *. is not included in orders[].identifiers[].value if this is true.

-

Returned: required to be included if the identifier is wildcarded

+

Returned: required to be included if the identifier is wildcarded
@@ -615,7 +618,7 @@ see

The requested value of the notAfter field in the certificate.

Date should be formatted as described in RFC3339.

Server is not required to return this.

-

Returned: when server returns this

+

Returned: when server returns this
@@ -625,7 +628,7 @@ see

The requested value of the notBefore field in the certificate.

Date should be formatted as described in RFC3339.

Server is not required to return this.

-

Returned: when server returns this

+

Returned: when server returns this
@@ -633,8 +636,8 @@ see

string

The order’s status.

-

Returned: success

-

Can only return:

+

Returned: success

+

Can only return:

  • "pending"

  • "ready"

    • @@ -654,13 +657,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/acme_account_module.html b/branch/main/acme_account_module.html index 27c7a0ba..9e2e93a8 100644 --- a/branch/main/acme_account_module.html +++ b/branch/main/acme_account_module.html @@ -2,6 +2,7 @@ + community.crypto.acme_account module – Create, modify or delete ACME accounts — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -206,7 +209,7 @@ see

    Parameters

    - +
    @@ -227,7 +230,7 @@ see @@ -300,13 +303,13 @@ see mailto:.

    See https://tools.ietf.org/html/rfc8555#section-7.3 for what is allowed.

    Must be specified when state is present. Will be ignored if state is absent or changed_key.

    -

    Default: []

    +

    Default: []

    @@ -431,10 +434,10 @@ see

    Whether calls to the ACME directory will validate TLS certificates.

    Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)

     @@ -443,7 +446,7 @@ see

    Attributes

    -

    Parameter

    Comments

    account_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the account key.

    Note: this is not supported by the openssl backend, only by the cryptography backend.

    @@ -273,7 +276,7 @@ see

    The ACME version of the endpoint.

    Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

    The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

    -

    Choices:

    +

    Choices:

    Whether account creation is allowed (when state is present).

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)

    external_account_binding

    dictionary

    -

    added in community.crypto 1.1.0

    +

    added in community.crypto 1.1.0

    Allows to provide external account binding data during account creation.

    This is used by CAs like Sectigo to bind a new ACME account to an existing CA-specific account, to be able to properly identify a customer.

    @@ -319,7 +322,7 @@ see

    The MAC algorithm provided by the CA.

    If not specified by the CA, this is probably HS256.

    -

    Choices:

    +

    Choices:

    new_account_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the new account key.

    Note: this is not supported by the openssl backend, only by the cryptography backend.

    @@ -374,11 +377,11 @@ see

    request_timeout

    integer

    -

    added in community.crypto 2.3.0

    +

    added in community.crypto 2.3.0

    The time Ansible should wait for a response from the ACME API.

    This timeout is applied to all HTTP(S) requests (HEAD, GET, POST).

    -

    Default: 10

    +

    Default: 10
    @@ -389,9 +392,9 @@ see auto, which tries to use cryptography if available, and falls back to openssl.

    If set to openssl, will try to use the openssl binary.

    If set to cryptography, will try to use the cryptography library.

    -

    Choices:

    +

    Choices:

      -

    • "auto" ← (default)

      • +

    • "auto" ← (default)

    • "cryptography"

    • "openssl"

    @@ -404,7 +407,7 @@ see

    The state of the account, to be identified by its account key.

    If the state is absent, the account will either not exist or be deactivated.

    If the state is changed_key, the account must exist. The account key will be changed; no other information will be touched.

    -

    Choices:

    +

    Choices:

    +
    @@ -454,7 +457,7 @@ see - @@ -462,7 +465,7 @@ see - @@ -470,7 +473,7 @@ see - @@ -543,7 +546,7 @@ see

    Return Values

    Common return values are documented here, the following are the fields unique to this module:

    -

    Attribute

    Support

    action_group

    Action groups: community.crypto.acme, acme

    +

    Action groups: community.crypto.acme, acme

    Use group/acme or group/community.crypto.acme in module_defaults to set defaults for this module.

    check_mode

    Support: full

    +

    Support: full

    Can run in check_mode and return changed status prediction without modifying target.

    diff_mode

    Support: full

    +

    Support: full

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
    +
    @@ -555,7 +558,7 @@ see

    string

    @@ -568,13 +571,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/acme_certificate_module.html b/branch/main/acme_certificate_module.html index 8bcdfb4e..5ead8ce2 100644 --- a/branch/main/acme_certificate_module.html +++ b/branch/main/acme_certificate_module.html @@ -2,6 +2,7 @@ +community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -209,7 +212,7 @@ see

    Parameters

    -

    Key

    Description

    ACME account URI, or None if account does not exist.

    -

    Returned: always

    +

    Returned: always
    +
    @@ -239,7 +242,7 @@ see @@ -389,9 +392,9 @@ see

    Enforces the execution of the challenge and validation, even if an existing certificate is still valid for more than remaining_days.

    This is especially helpful when having an updated CSR, for example with additional domains for which a new certificate is desired.

    -

    Choices:

    +

    Choices:

      -

    • false ← (default)

      • +

    • false ← (default)

    • true

    @@ -413,10 +416,10 @@ see

    Boolean indicating whether the module should create the account if necessary, and update its contact data.

    Set to false if you want to use the community.crypto.acme_account module to manage your account instead, and to avoid accidental creation of a new account using an old key if you changed the account key with community.crypto.acme_account.

    If set to false, terms_agreed and account_email are ignored.

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)

    @@ -426,17 +429,17 @@ see

    The number of days the certificate must have left being valid. If cert_days < remaining_days, then it will be renewed. If the certificate is not renewed, module return values will not include challenge_data.

    To make sure that the certificate is renewed in any case, you can use the force option.

    -

    Default: 10

    +

    Default: 10

    @@ -454,7 +457,7 @@ see @@ -521,9 +524,9 @@ see auto, which tries to use cryptography if available, and falls back to openssl.

    If set to openssl, will try to use the openssl binary.

    If set to cryptography, will try to use the cryptography library.

    -

    Choices:

    +

    Choices:

      -

    • "auto" ← (default)

      • +

    • "auto" ← (default)

    • "cryptography"

    • "openssl"

    @@ -536,9 +539,9 @@ see

    Boolean indicating whether you agree to the terms of service document.

    ACME servers can require this to be true.

    This option will only be used when acme_version is not 1.

    -

    Choices:

    +

    Choices:

      -

    • false ← (default)

      • +

    • false ← (default)

    • true

    @@ -549,10 +552,10 @@ see

    Whether calls to the ACME directory will validate TLS certificates.

    Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)

    @@ -561,7 +564,7 @@ see

    Attributes

    -

    Parameter

    Comments

    account_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the account key.

    Note: this is not supported by the openssl backend, only by the cryptography backend.

    @@ -285,7 +288,7 @@ see

    The ACME version of the endpoint.

    Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

    The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

    -

    Choices:

    +

    Choices:

    csr_content

    string

    -

    added in community.crypto 1.2.0

    +

    added in community.crypto 1.2.0

    Content of the CSR for the new certificate.

    Can be created with community.crypto.openssl_csr_pipe or openssl req ....

    @@ -366,9 +369,9 @@ see

    Deactivate authentication objects (authz) after issuing a certificate, or when issuing the certificate failed.

    Authentication objects are bound to an account key and remain valid for a certain amount of time, and can be used to issue certificates without having to re-authenticate the domain. This can be a security concern.

    -

    Choices:

    +

    Choices:

      -

    • false ← (default)

      • +

    • false ← (default)

    • true

    request_timeout

    integer

    -

    added in community.crypto 2.3.0

    +

    added in community.crypto 2.3.0

    The time Ansible should wait for a response from the ACME API.

    This timeout is applied to all HTTP(S) requests (HEAD, GET, POST).

    -

    Default: 10

    +

    Default: 10
    @@ -444,9 +447,9 @@ see

    boolean

    When set to true, will retrieve all alternate trust chains offered by the ACME CA. These will not be written to disk, but will be returned together with the main chain as all_chains. See the documentation for the all_chains return value for details.

    -

    Choices:

    +

    Choices:

      -

    • false ← (default)

      • +

    • false ← (default)

    • true

    select_chain

    list / elements=dictionary

    -

    added in community.crypto 1.0.0

    +

    added in community.crypto 1.0.0

    Allows to specify criteria by which an (alternate) trust chain can be selected.

    The list of criteria will be processed one by one until a chain is found matching a criterium. If such a chain is found, it will be used by the module instead of the default chain.

    @@ -505,11 +508,11 @@ see all tests all certificates in the chain (excluding the leaf, which is identical in all chains).

    first only tests the first certificate in the chain, that is the one which signed the leaf.

    last only tests the last certificate in the chain, that is the one furthest away from the leaf. Its issuer is the root certificate of this chain.

    -

    Choices:

    +

    Choices:

    • "first"

    • "last"

      • -

    • "all" ← (default)

      • +

    • "all" ← (default)
    +
    @@ -572,7 +575,7 @@ see - @@ -580,7 +583,7 @@ see - @@ -588,7 +591,7 @@ see - @@ -596,7 +599,7 @@ see - @@ -798,7 +801,7 @@ see

    Return Values

    Common return values are documented here, the following are the fields unique to this module:

    -

    Attribute

    Support

    action_group

    Action groups: community.crypto.acme, acme

    +

    Action groups: community.crypto.acme, acme

    Use group/acme or group/community.crypto.acme in module_defaults to set defaults for this module.

    check_mode

    Support: full

    +

    Support: full

    Can run in check_mode and return changed status prediction without modifying target.

    diff_mode

    Support: none

    +

    Support: none

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

    safe_file_operations

    Support: full

    +

    Support: full

    Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
    +
    @@ -810,7 +813,7 @@ see

    string

    @@ -946,13 +949,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/acme_certificate_revoke_module.html b/branch/main/acme_certificate_revoke_module.html index b39c98d6..69fcefb5 100644 --- a/branch/main/acme_certificate_revoke_module.html +++ b/branch/main/acme_certificate_revoke_module.html @@ -2,6 +2,7 @@ +community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -203,7 +206,7 @@ see

    Parameters

    -

    Key

    Description

    ACME account URI.

    -

    Returned: changed

    +

    Returned: changed
    @@ -819,7 +822,7 @@ see

    When retrieve_all_alternates is set to true, the module will query the ACME server for alternate chains. This return value will contain a list of all chains returned, the first entry being the main chain returned by the server.

    See Section 7.4.2 of RFC8555 for details.

    -

    Returned: when certificate was retrieved and retrieve_all_alternates is set to true

    +

    Returned: when certificate was retrieved and retrieve_all_alternates is set to true
    @@ -827,7 +830,7 @@ see

    string

    The leaf certificate itself, in PEM format.

    -

    Returned: always

    +

    Returned: always
    @@ -835,7 +838,7 @@ see

    string

    The certificate chain, excluding the root, as concatenated PEM certificates.

    -

    Returned: always

    +

    Returned: always
    @@ -843,7 +846,7 @@ see

    string

    The certificate chain, excluding the root, but including the leaf certificate, as concatenated PEM certificates.

    -

    Returned: always

    +

    Returned: always
    @@ -852,8 +855,8 @@ see

    ACME authorization data.

    Maps an identifier to ACME authorization objects. See https://tools.ietf.org/html/rfc8555#section-7.1.4.

    -

    Returned: changed

    -

    Sample: {"example.com": {"challenges": [{"status": "valid", "token": "A5b1C3d2E9f8G7h6", "type": "http-01", "url": "https://example.org/acme/challenge/12345", "validated": "2022-08-01T01:01:02.34Z"}], "expires": "2022-08-04T01:02:03.45Z", "identifier": {"type": "dns", "value": "example.com"}, "status": "valid", "wildcard": false}}

    +

    Returned: changed

    +

    Sample: {"example.com": {"challenges": [{"status": "valid", "token": "A5b1C3d2E9f8G7h6", "type": "http-01", "url": "https://example.org/acme/challenge/12345", "validated": "2022-08-01T01:01:02.34Z"}], "expires": "2022-08-04T01:02:03.45Z", "identifier": {"type": "dns", "value": "example.com"}, "status": "valid", "wildcard": false}}
    @@ -861,7 +864,7 @@ see

    integer

    The number of days the certificate remains valid.

    -

    Returned: success

    +

    Returned: success
    @@ -870,7 +873,7 @@ see

    Per identifier / challenge type challenge data.

    Since Ansible 2.8.5, only challenges which are not yet valid are returned.

    -

    Returned: changed

    +

    Returned: changed
    @@ -878,8 +881,8 @@ see

    string

    The full DNS record’s name for the challenge.

    -

    Returned: changed and challenge is dns-01

    -

    Sample: "_acme-challenge.example.com"

    +

    Returned: changed and challenge is dns-01

    +

    Sample: "_acme-challenge.example.com"
    @@ -887,8 +890,8 @@ see

    string

    The challenge resource that must be created for validation.

    -

    Returned: changed

    -

    Sample: ".well-known/acme-challenge/evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

    +

    Returned: changed

    +

    Sample: ".well-known/acme-challenge/evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
    @@ -896,8 +899,8 @@ see

    string

    The original challenge resource including type identifier for tls-alpn-01 challenges.

    -

    Returned: changed and challenge is tls-alpn-01

    -

    Sample: "DNS:example.com"

    +

    Returned: changed and challenge is tls-alpn-01

    +

    Sample: "DNS:example.com"
    @@ -907,8 +910,8 @@ see

    The value the resource has to produce for the validation.

    For http-01 and dns-01 challenges, the value can be used as-is.

    For tls-alpn-01 challenges, note that this return value contains a Base64 encoded version of the correct binary blob which has to be put into the acmeValidation x509 extension; see https://www.rfc-editor.org/rfc/rfc8737.html#section-3 for details. To do this, you might need the ansible.builtin.b64decode Jinja filter to extract the binary blob from this return value.

    -

    Returned: changed

    -

    Sample: "IlirfxKKXA...17Dt3juxGJ-PCt92wr-oA"

    +

    Returned: changed

    +

    Sample: "IlirfxKKXA...17Dt3juxGJ-PCt92wr-oA"
    @@ -917,7 +920,7 @@ see

    List of TXT values per DNS record, in case challenge is dns-01.

    Since Ansible 2.8.5, only challenges which are not yet valid are returned.

    -

    Returned: changed

    +

    Returned: changed
    @@ -925,7 +928,7 @@ see

    string

    ACME finalization URI.

    -

    Returned: changed

    +

    Returned: changed
    @@ -933,7 +936,7 @@ see

    string

    ACME order URI.

    -

    Returned: changed

    +

    Returned: changed
    +
    @@ -223,7 +226,7 @@ see @@ -362,7 +365,7 @@ see

    Attributes

    -

    Parameter

    Comments

    account_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the account key.

    Note: this is not supported by the openssl backend, only by the cryptography backend.

    @@ -269,7 +272,7 @@ see

    The ACME version of the endpoint.

    Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

    The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

    -

    Choices:

    +

    Choices:

    private_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the certificate’s private key.

    Note: this is not supported by the openssl backend, only by the cryptography backend.

    @@ -313,11 +316,11 @@ see

    request_timeout

    integer

    -

    added in community.crypto 2.3.0

    +

    added in community.crypto 2.3.0

    The time Ansible should wait for a response from the ACME API.

    This timeout is applied to all HTTP(S) requests (HEAD, GET, POST).

    -

    Default: 10

    +

    Default: 10
    @@ -336,9 +339,9 @@ see auto, which tries to use cryptography if available, and falls back to openssl.

    If set to openssl, will try to use the openssl binary.

    If set to cryptography, will try to use the cryptography library.

    -

    Choices:

    +

    Choices:

      -

    • "auto" ← (default)

      • +

    • "auto" ← (default)

    • "cryptography"

    • "openssl"

    @@ -350,10 +353,10 @@ see

    Whether calls to the ACME directory will validate TLS certificates.

    Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)
    +
    @@ -373,7 +376,7 @@ see - @@ -381,7 +384,7 @@ see - @@ -389,7 +392,7 @@ see - @@ -445,13 +448,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/acme_challenge_cert_helper_module.html b/branch/main/acme_challenge_cert_helper_module.html index 6169f3ea..37120817 100644 --- a/branch/main/acme_challenge_cert_helper_module.html +++ b/branch/main/acme_challenge_cert_helper_module.html @@ -2,6 +2,7 @@ +community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as tls-alpn-01 — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -203,7 +206,7 @@ see

    Parameters

    -

    Attribute

    Support

    action_group

    Action groups: community.crypto.acme, acme

    +

    Action groups: community.crypto.acme, acme

    Use group/acme or group/community.crypto.acme in module_defaults to set defaults for this module.

    check_mode

    Support: none

    +

    Support: none

    Can run in check_mode and return changed status prediction without modifying target.

    diff_mode

    Support: none

    +

    Support: none

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
    +
    @@ -215,7 +218,7 @@ see

    string / required

    @@ -257,7 +260,7 @@ see

    Attributes

    -

    Parameter

    Comments

    The challenge type.

    -

    Choices:

    +

    Choices:

    • "tls-alpn-01"

    @@ -239,7 +242,7 @@ see

    private_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the private key.

    +
    @@ -268,7 +271,7 @@ see - -

    Attribute

    Support

    check_mode

    Support: none

    +

    Support: none

    This action does not modify state.

    Can run in check_mode and return changed status prediction without modifying target.

    @@ -277,7 +280,7 @@ see

    diff_mode

    Support: N/A

    +

    Support: N/A

    This action does not modify state.

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

    @@ -345,7 +348,7 @@ see

    Return Values

    Common return values are documented here, the following are the fields unique to this module:

    - +
    @@ -357,7 +360,7 @@ see

    string

    @@ -408,13 +411,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/acme_inspect_module.html b/branch/main/acme_inspect_module.html index 4d3026cb..291f3b00 100644 --- a/branch/main/acme_inspect_module.html +++ b/branch/main/acme_inspect_module.html @@ -2,6 +2,7 @@ +community.crypto.acme_inspect module – Send direct requests to an ACME server — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -207,7 +210,7 @@ see

    Parameters

    -

    Key

    Description

    The challenge certificate in PEM format.

    -

    Returned: always

    +

    Returned: always
    @@ -365,7 +368,7 @@ see

    string

    The domain the challenge is for. The certificate should be provided if this is specified in the request’s the Host header.

    -

    Returned: always

    +

    Returned: always
    @@ -373,7 +376,7 @@ see

    string

    The identifier for the actual resource. Will be a domain name if identifier_type=dns, or an IP address if identifier_type=ip.

    -

    Returned: always

    +

    Returned: always
    @@ -381,8 +384,8 @@ see

    string

    The identifier type for the actual resource identifier.

    -

    Returned: always

    -

    Can only return:

    +

    Returned: always

    +

    Can only return:
    +
    @@ -228,7 +231,7 @@ see @@ -309,9 +312,9 @@ see post executes an authenticated POST request. The content must be specified in the content option.

    The value get executes an authenticated POST-as-GET request for ACME v2, and a regular GET request for ACME v1.

    The value directory-only only retrieves the directory, without doing a request.

    -

    Choices:

    +

    Choices:

      -

    • "get" ← (default)

      • +

    • "get" ← (default)

    • "post"

    • "directory-only"

    @@ -320,11 +323,11 @@ see @@ -369,7 +372,7 @@ see

    Attributes

    -

    Parameter

    Comments

    account_key_passphrase

    string

    -

    added in community.crypto 1.6.0

    +

    added in community.crypto 1.6.0

    Phassphrase to use to decode the account key.

    Note: this is not supported by the openssl backend, only by the cryptography backend.

    @@ -274,7 +277,7 @@ see

    The ACME version of the endpoint.

    Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

    The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

    -

    Choices:

    +

    Choices:

    If method is post or get, make the module fail in case an ACME error is returned.

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)

    request_timeout

    integer

    -

    added in community.crypto 2.3.0

    +

    added in community.crypto 2.3.0

    The time Ansible should wait for a response from the ACME API.

    This timeout is applied to all HTTP(S) requests (HEAD, GET, POST).

    -

    Default: 10

    +

    Default: 10
    @@ -335,9 +338,9 @@ see auto, which tries to use cryptography if available, and falls back to openssl.

    If set to openssl, will try to use the openssl binary.

    If set to cryptography, will try to use the cryptography library.

    -

    Choices:

    +

    Choices:

      -

    • "auto" ← (default)

      • +

    • "auto" ← (default)

    • "cryptography"

    • "openssl"

    @@ -357,10 +360,10 @@ see

    Whether calls to the ACME directory will validate TLS certificates.

    Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

    -

    Choices:

    +

    Choices:

    • false

      • -

    • true ← (default)

      • +

    • true ← (default)
    +
    @@ -380,7 +383,7 @@ see - @@ -388,7 +391,7 @@ see - @@ -396,7 +399,7 @@ see - @@ -534,7 +537,7 @@ see

    Return Values

    Common return values are documented here, the following are the fields unique to this module:

    -

    Attribute

    Support

    action_group

    Action groups: community.crypto.acme, acme

    +

    Action groups: community.crypto.acme, acme

    Use group/acme or group/community.crypto.acme in module_defaults to set defaults for this module.

    check_mode

    Support: none

    +

    Support: none

    Can run in check_mode and return changed status prediction without modifying target.

    diff_mode

    Support: none

    +

    Support: none

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
    +
    @@ -546,8 +549,8 @@ see

    dictionary

    @@ -587,13 +590,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/certificate_complete_chain_module.html b/branch/main/certificate_complete_chain_module.html index c701dbe8..6ef8a756 100644 --- a/branch/main/certificate_complete_chain_module.html +++ b/branch/main/certificate_complete_chain_module.html @@ -2,6 +2,7 @@ +community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates — Community.Crypto Collection documentation @@ -170,6 +171,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -202,7 +205,7 @@ see

    Parameters

    -

    Key

    Description

    The ACME directory’s content

    -

    Returned: always

    -

    Sample: {"a85k3x9f91A4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": {"caaIdentities": ["letsencrypt.org"], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org"}, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"}

    +

    Returned: always

    +

    Sample: {"a85k3x9f91A4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": {"caaIdentities": ["letsencrypt.org"], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org"}, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"}
    @@ -555,8 +558,8 @@ see

    dictionary

    The request’s HTTP headers (with lowercase keys)

    -

    Returned: always

    -

    Sample: {"boulder-requester": "12345", "cache-control": "max-age=0, no-cache, no-store", "connection": "close", "content-length": "904", "content-type": "application/json", "cookies": {}, "cookies_string": "", "date": "Wed, 07 Nov 2018 12:34:56 GMT", "expires": "Wed, 07 Nov 2018 12:44:56 GMT", "link": "<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel=\"terms-of-service\"", "msg": "OK (904 bytes)", "pragma": "no-cache", "replay-nonce": "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGH", "server": "nginx", "status": 200, "strict-transport-security": "max-age=604800", "url": "https://acme-v02.api.letsencrypt.org/acme/acct/46161", "x-frame-options": "DENY"}

    +

    Returned: always

    +

    Sample: {"boulder-requester": "12345", "cache-control": "max-age=0, no-cache, no-store", "connection": "close", "content-length": "904", "content-type": "application/json", "cookies": {}, "cookies_string": "", "date": "Wed, 07 Nov 2018 12:34:56 GMT", "expires": "Wed, 07 Nov 2018 12:44:56 GMT", "link": "<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel=\"terms-of-service\"", "msg": "OK (904 bytes)", "pragma": "no-cache", "replay-nonce": "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGH", "server": "nginx", "status": 200, "strict-transport-security": "max-age=604800", "url": "https://acme-v02.api.letsencrypt.org/acme/acct/46161", "x-frame-options": "DENY"}
    @@ -564,8 +567,8 @@ see

    dictionary

    The output parsed as JSON

    -

    Returned: if output can be parsed as JSON

    -

    Sample: [{"id": 12345}, {"key": [{"kty": "RSA"}, "..."]}]

    +

    Returned: if output can be parsed as JSON

    +

    Sample: [{"id": 12345}, {"key": [{"kty": "RSA"}, "..."]}]
    @@ -573,8 +576,8 @@ see

    string

    The raw text output

    -

    Returned: always

    -

    Sample: "{\n  \"id\": 12345,\n  \"key\": {\n    \"kty\": \"RSA\",\n ..."

    +

    Returned: always

    +

    Sample: "{\n  \"id\": 12345,\n  \"key\": {\n    \"kty\": \"RSA\",\n ..."
    +
    @@ -225,7 +228,7 @@ see Default: []

    +

    Default: []

    Parameter

    Comments

    @@ -243,7 +246,7 @@ see

    Attributes

    - +
    @@ -254,7 +257,7 @@ see - -

    Attribute

    Support

    check_mode

    Support: full

    +

    Support: full

    This action does not modify state.

    Can run in check_mode and return changed status prediction without modifying target.

    @@ -263,7 +266,7 @@ see

    diff_mode

    Support: N/A

    +

    Support: N/A

    This action does not modify state.

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

    @@ -311,7 +314,7 @@ see

    Return Values

    Common return values are documented here, the following are the fields unique to this module:

    - +
    @@ -324,7 +327,7 @@ see

    The chain added to the given input chain. Includes the root certificate.

    Returned as a list of PEM certificates.

    -

    Returned: success

    +

    Returned: success

     @@ -354,13 +357,14 @@ see

    Collection links

    -

    - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

    + + diff --git a/branch/main/crypto_info_module.html b/branch/main/crypto_info_module.html index 592aaef6..1cb26119 100644 --- a/branch/main/crypto_info_module.html +++ b/branch/main/crypto_info_module.html @@ -2,6 +2,7 @@ +community.crypto.crypto_info module – Retrieve cryptographic capabilities — Community.Crypto Collection documentation @@ -168,6 +169,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto.

    To use it in a playbook, specify: community.crypto.crypto_info.

    @@ -189,7 +192,7 @@

    Attributes

    -

    Key

    Description

    @@ -333,7 +336,7 @@ see

    The completed chain, including leaf, all intermediates, and root.

    Returned as a list of PEM certificates.

    -

    Returned: success

    +

    Returned: success
    @@ -341,7 +344,7 @@ see

    string

    The root certificate in PEM format.

    -

    Returned: success

    +

    Returned: success
    +
    @@ -200,7 +203,7 @@ - -

    Attribute

    Support

    check_mode

    Support: full

    +

    Support: full

    This action does not modify state.

    Can run in check_mode and return changed status prediction without modifying target.

    @@ -209,7 +212,7 @@

    diff_mode

    Support: N/A

    +

    Support: N/A

    This action does not modify state.

    Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

    @@ -234,7 +237,7 @@

    Return Values

    Common return values are documented here, the following are the fields unique to this module:

    - +
    @@ -246,7 +249,7 @@

    dictionary

    @@ -454,13 +457,14 @@ + + diff --git a/branch/main/ecs_certificate_module.html b/branch/main/ecs_certificate_module.html index 7c1b361f..9074afc7 100644 --- a/branch/main/ecs_certificate_module.html +++ b/branch/main/ecs_certificate_module.html @@ -2,6 +2,7 @@ +community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

    Note

    This module is part of the community.crypto collection (version 2.16.0).

    +

    It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -207,7 +210,7 @@ see

    Parameters

    -

    Key

    Description

    Information on the installed OpenSSL binary.

    -

    Returned: when openssl_present=true

    +

    Returned: when openssl_present=true
    @@ -254,8 +257,8 @@

    string

    Path of the OpenSSL binary.

    -

    Returned: success

    -

    Sample: "/usr/bin/openssl"

    +

    Returned: success

    +

    Sample: "/usr/bin/openssl"
    @@ -263,8 +266,8 @@

    string

    The OpenSSL version.

    -

    Returned: success

    -

    Sample: "1.1.1m"

    +

    Returned: success

    +

    Sample: "1.1.1m"
    @@ -272,8 +275,8 @@

    string

    The complete output of openssl version.

    -

    Returned: success

    -

    Sample: "OpenSSL 1.1.1m  14 Dec 2021\\n"

    +

    Returned: success

    +

    Sample: "OpenSSL 1.1.1m  14 Dec 2021\\n"
    @@ -281,8 +284,8 @@

    boolean

    Whether the OpenSSL binary openssl is installed and can be found in the PATH.

    -

    Returned: always

    -

    Sample: true

    +

    Returned: always

    +

    Sample: true
    @@ -290,7 +293,7 @@

    dictionary

    Information on the installed Python cryptography library.

    -

    Returned: when python_cryptography_installed=true

    +

    Returned: when python_cryptography_installed=true
    @@ -299,7 +302,7 @@

    List of all supported elliptic curves.

    Theoretically this should be non-empty for version 0.5 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -308,7 +311,7 @@

    Whether DSA keys are supported.

    Theoretically this should be the case for version 0.5 and higher.

    -

    Returned: success

    +

    Returned: success
    @@ -317,7 +320,7 @@

    Whether signing with DSA keys is supported.

    Theoretically this should be the case for version 1.5 and higher.

    -

    Returned: success

    +

    Returned: success
    @@ -326,7 +329,7 @@

    Whether elliptic curves are supported.

    Theoretically this should be the case for version 0.5 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -335,7 +338,7 @@

    Whether signing with elliptic curves is supported.

    Theoretically this should be the case for version 1.5 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -344,7 +347,7 @@

    Whether Ed25519 keys are supported.

    Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -353,7 +356,7 @@

    Whether signing with Ed25519 keys is supported.

    Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -362,7 +365,7 @@

    Whether Ed448 keys are supported.

    Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -371,7 +374,7 @@

    Whether signing with Ed448 keys is supported.

    Theoretically this should be the case for version 2.6 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -380,7 +383,7 @@

    Whether RSA keys are supported.

    Theoretically this should be the case for version 0.5 and higher.

    -

    Returned: success

    +

    Returned: success
    @@ -389,7 +392,7 @@

    Whether signing with RSA keys is supported.

    Theoretically this should be the case for version 1.4 and higher.

    -

    Returned: success

    +

    Returned: success
    @@ -398,7 +401,7 @@

    Whether X25519 keys are supported.

    Theoretically this should be the case for version 2.0 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -407,7 +410,7 @@

    Whether serialization of X25519 keys is supported.

    Theoretically this should be the case for version 2.5 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -416,7 +419,7 @@

    Whether X448 keys are supported.

    Theoretically this should be the case for version 2.5 and higher, depending on the libssl version used.

    -

    Returned: success

    +

    Returned: success
    @@ -424,7 +427,7 @@

    string

    The library version.

    -

    Returned: success

    +

    Returned: success
    @@ -432,7 +435,7 @@

    string

    Import error when trying to import the Python cryptography library.

    -

    Returned: when python_cryptography_installed=false

    +

    Returned: when python_cryptography_installed=false
    @@ -440,8 +443,8 @@

    boolean

    Whether the Python cryptography library is installed.

    -

    Returned: always

    -

    Sample: true

    +

    Returned: always

    +

    Sample: true
    +
    @@ -226,9 +229,9 @@ see

    boolean

    @@ -257,7 +260,7 @@ see P2Y is a certificate with a 2 year lifetime.

    P3Y is a certificate with a 3 year lifetime.

    Only one of cert_expiry or cert_lifetime may be specified.

    -

    Choices:

    +

    Choices:

    @@ -704,7 +707,7 @@ see request_type=renew, a renewal will fail if the certificate being renewed has been issued within the past 30 days, so do not set a remaining_days value that is within 30 days of the full lifetime of the certificate being acted upon.

    For exmaple, if you are requesting Certificates with a 90 day lifetime, do not set remaining_days to a value 60 or higher).

    The force option may be used to ensure that a new certificate is always obtained.

    -

    Default: 30

    +

    Default: 30

    Parameter

    Comments

    Whether a backup should be made for the certificate in path.

    -

    Choices:

    +

    Choices:

      -

    • false ← (default)

      • +

    • false ← (default)

    • true
    @@ -321,7 +324,7 @@ see ct_log is not specified, the certificate uses the account default.

    If ct_log is specified and the account settings allow it, ct_log overrides the account default.

    If ct_log is set to false, but the account settings are set to “always log”, the certificate generation will fail.

    -

    Choices:

    +

    Choices:

    • false

    • true

      • @@ -587,7 +590,7 @@ see

      string

    If specified, overrides the key usage in the csr.

    -

    Choices:

    +

    Choices:
    @@ -651,9 +654,9 @@ see

    If force is used, a certificate is requested regardless of whether path points to an existing valid certificate.

    If request_type=renew, a forced renew will fail if the certificate being renewed has been issued within the past 30 days, regardless of the value of remaining_days or the return value of cert_days - the ECS API does not support the “renew” operation for certificates that are not at least 30 days old.

    -

    Choices:

    +

    Choices:

      -

    • false ← (default)

      • +

    • false ← (default)

    • true
    @@ -720,9 +723,9 @@ see reissue is an operation that will result in the revocation of the certificate that is reissued, be cautious with its use.

    check_mode is only supported if request_type=new

    For example, setting request_type=renew and remaining_days=30 and pointing to the same certificate on multiple playbook runs means that on the first run new certificate will be requested. It will then be left along on future runs until it is within 30 days of expiry, then the ECS “renew” operation will be performed.

    -

    Choices:

    +

    Choices:

      -

    • "new" ← (default)

      • +

    • "new" ← (default)

    • "renew"

    • "reissue"

    • "validate_only"

      • @@ -784,7 +787,7 @@ see

      Attributes

      - +
      @@ -795,7 +798,7 @@ see - - @@ -812,7 +815,7 @@ see - @@ -961,7 +964,7 @@ see

      Return Values

      Common return values are documented here, the following are the fields unique to this module:

      -

      Attribute

      Support

      check_mode

      Support: partial

      +

      Support: partial

      Check mode is only supported if request_type=new.

      Can run in check_mode and return changed status prediction without modifying target.

      @@ -804,7 +807,7 @@ see

      diff_mode

      Support: none

      +

      Support: none

      Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

      safe_file_operations

      Support: full

      +

      Support: full

      Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
      +
      @@ -973,8 +976,8 @@ see

      string

      @@ -1051,13 +1054,14 @@ see

      Collection links

      -

      - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

      + + diff --git a/branch/main/ecs_domain_module.html b/branch/main/ecs_domain_module.html index 831743c2..fa4e183d 100644 --- a/branch/main/ecs_domain_module.html +++ b/branch/main/ecs_domain_module.html @@ -2,6 +2,7 @@ +community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

      Note

      This module is part of the community.crypto collection (version 2.16.0).

      +

      It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

      To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

      @@ -212,7 +215,7 @@ see

      Parameters

      -

      Key

      Description

      Name of backup file created for the certificate.

      -

      Returned: changed and if backup is true

      -

      Sample: "/path/to/www.ansible.com.crt.2019-03-09@11:22~"

      +

      Returned: changed and if backup is true

      +

      Sample: "/path/to/www.ansible.com.crt.2019-03-09@11:22~"
      @@ -982,8 +985,8 @@ see

      string

      Name of the backup file created for the certificate chain.

      -

      Returned: changed and if backup is true and full_chain_path is set.

      -

      Sample: "/path/to/ca.chain.crt.2019-03-09@11:22~"

      +

      Returned: changed and if backup is true and full_chain_path is set.

      +

      Sample: "/path/to/ca.chain.crt.2019-03-09@11:22~"
      @@ -991,8 +994,8 @@ see

      integer

      The number of days the certificate remains valid.

      -

      Returned: success

      -

      Sample: 253

      +

      Returned: success

      +

      Sample: 253
      @@ -1001,7 +1004,7 @@ see

      The full response JSON from the Get Certificate call of the ECS API.

      While the response contents are guaranteed to be forwards compatible with new ECS API releases, Entrust recommends that you do not make any playbooks take actions based on the content of this field. However it may be useful for debugging, logging, or auditing purposes.

      -

      Returned: success

      +

      Returned: success
      @@ -1010,8 +1013,8 @@ see

      The certificate status in ECS.

      Current possible values (which may be expanded in the future) are: ACTIVE, APPROVED, DEACTIVATED, DECLINED, EXPIRED, NA, PENDING, PENDING_QUORUM, READY, REISSUED, REISSUING, RENEWED, RENEWING, REVOKED, SUSPENDED

      -

      Returned: success

      -

      Sample: "ACTIVE"

      +

      Returned: success

      +

      Sample: "ACTIVE"
      @@ -1019,8 +1022,8 @@ see

      string

      The destination path for the generated certificate.

      -

      Returned: changed or success

      -

      Sample: "/etc/ssl/crt/www.ansible.com.crt"

      +

      Returned: changed or success

      +

      Sample: "/etc/ssl/crt/www.ansible.com.crt"
      @@ -1028,8 +1031,8 @@ see

      integer

      The serial number of the issued certificate.

      -

      Returned: success

      -

      Sample: 1235262234164342

      +

      Returned: success

      +

      Sample: 1235262234164342
      @@ -1037,8 +1040,8 @@ see

      integer

      The tracking ID to reference and track the certificate in ECS.

      -

      Returned: success

      -

      Sample: 380079

      +

      Returned: success

      +

      Sample: 380079
      +
      @@ -225,7 +228,7 @@ see

      The client ID to request the domain be associated with.

      If no client ID is specified, the domain will be added under the primary client with ID of 1.

      -

      Default: 1

      +

      Default: 1

      Parameter

      Comments

      @@ -262,7 +265,7 @@ see

      The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.

      You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.

      -

      Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"

      +

      Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"
      @@ -294,7 +297,7 @@ see verification_method=dns, the value dns_contents must be stored in location dns_location, with a DNS record type of dns_resource_type. To prove domain ownership, update your DNS records so the text string returned by dns_contents is available at dns_location.

      If verification_method=web_server, the contents of return value file_contents must be made available on a web server accessible at location file_location.

      If verification_method=manual, the domain will be validated with a manual process. This is not recommended.

      -

      Choices:

      +

      Choices:

      • "dns"

      • "email"

        • @@ -308,7 +311,7 @@ see

        Attributes

        - +
        @@ -319,7 +322,7 @@ see - @@ -327,7 +330,7 @@ see - @@ -403,7 +406,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: none

        +

        Support: none

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: none

        +

        Support: none

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
        +
        @@ -415,8 +418,8 @@ see

        integer

        @@ -538,13 +541,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/environment_variables.html b/branch/main/environment_variables.html index 3989d8b8..c90e6ca6 100644 --- a/branch/main/environment_variables.html +++ b/branch/main/environment_variables.html @@ -2,6 +2,7 @@ +Index of all Collection Environment Variables — Community.Crypto Collection documentation diff --git a/branch/main/get_certificate_module.html b/branch/main/get_certificate_module.html index 8f515af4..b5a1ff9f 100644 --- a/branch/main/get_certificate_module.html +++ b/branch/main/get_certificate_module.html @@ -2,6 +2,7 @@ +community.crypto.get_certificate module – Get a certificate from a host:port — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Parameters

        -

        Key

        Description

        Client ID that the domain belongs to. If the input value client_id is specified, this will always be the same as client_id

        -

        Returned: changed or success

        -

        Sample: 1

        +

        Returned: changed or success

        +

        Sample: 1
        @@ -424,8 +427,8 @@ see

        string

        The value that ECS will be expecting to find in the DNS record located at dns_location.

        -

        Returned: changed and if verification_method is dns

        -

        Sample: "AB23CD41432522FF2526920393982FAB"

        +

        Returned: changed and if verification_method is dns

        +

        Sample: "AB23CD41432522FF2526920393982FAB"
        @@ -433,8 +436,8 @@ see

        string

        The location that ECS will be expecting to be able to find the DNS entry for domain verification, containing the contents of dns_contents.

        -

        Returned: changed and if verification_method is dns

        -

        Sample: "_pki-validation.ansible.com"

        +

        Returned: changed and if verification_method is dns

        +

        Sample: "_pki-validation.ansible.com"
        @@ -442,8 +445,8 @@ see

        string

        The type of resource record that ECS will be expecting for the DNS record located at dns_location.

        -

        Returned: changed and if verification_method is dns

        -

        Sample: "TXT"

        +

        Returned: changed and if verification_method is dns

        +

        Sample: "TXT"
        @@ -451,8 +454,8 @@ see

        string

        Status of the current domain. Will be one of APPROVED, DECLINED, CANCELLED, INITIAL_VERIFICATION, DECLINED, CANCELLED, RE_VERIFICATION, EXPIRED, EXPIRING

        -

        Returned: changed or success

        -

        Sample: "APPROVED"

        +

        Returned: changed or success

        +

        Sample: "APPROVED"
        @@ -461,8 +464,8 @@ see

        The list of emails used to request validation of this domain.

        Domains requested using this module will only have a list of size 1.

        -

        Returned: verification_method is email

        -

        Sample: ["admin@ansible.com", "administrator@ansible.com"]

        +

        Returned: verification_method is email

        +

        Sample: ["admin@ansible.com", "administrator@ansible.com"]
        @@ -470,8 +473,8 @@ see

        integer

        The number of days the domain remains eligible for submission of “EV” certificates. Will never be greater than the value of ov_days_remaining

        -

        Returned: success and ev_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

        -

        Sample: 94

        +

        Returned: success and ev_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

        +

        Sample: 94
        @@ -479,8 +482,8 @@ see

        boolean

        Whether the domain is eligible for submission of “EV” certificates. Will never be true if ov_eligible is false

        -

        Returned: success and domain_status is APPROVED, RE_VERIFICATION or EXPIRING, or EXPIRED.

        -

        Sample: true

        +

        Returned: success and domain_status is APPROVED, RE_VERIFICATION or EXPIRING, or EXPIRED.

        +

        Sample: true
        @@ -488,8 +491,8 @@ see

        string

        The contents of the file that ECS will be expecting to find at file_location.

        -

        Returned: verification_method is web_server

        -

        Sample: "AB23CD41432522FF2526920393982FAB"

        +

        Returned: verification_method is web_server

        +

        Sample: "AB23CD41432522FF2526920393982FAB"
        @@ -497,8 +500,8 @@ see

        string

        The location that ECS will be expecting to be able to find the file for domain verification, containing the contents of file_contents.

        -

        Returned: verification_method is web_server

        -

        Sample: "http://ansible.com/.well-known/pki-validation/abcd.txt"

        +

        Returned: verification_method is web_server

        +

        Sample: "http://ansible.com/.well-known/pki-validation/abcd.txt"
        @@ -506,8 +509,8 @@ see

        integer

        The number of days the domain remains eligible for submission of “OV” certificates. Will never be less than the value of ev_days_remaining

        -

        Returned: success and ov_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

        -

        Sample: 129

        +

        Returned: success and ov_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

        +

        Sample: 129
        @@ -515,8 +518,8 @@ see

        boolean

        Whether the domain is eligible for submission of “OV” certificates. Will never be false if ev_eligible is true

        -

        Returned: success and domain_status is APPROVED, RE_VERIFICATION, EXPIRING, or EXPIRED.

        -

        Sample: true

        +

        Returned: success and domain_status is APPROVED, RE_VERIFICATION, EXPIRING, or EXPIRED.

        +

        Sample: true
        @@ -524,8 +527,8 @@ see

        string

        Verification method used to request the domain validation. If changed will be the same as verification_method input parameter.

        -

        Returned: changed or success

        -

        Sample: "dns"

        +

        Returned: changed or success

        +

        Sample: "dns"
        +
        @@ -215,12 +218,12 @@ see @@ -292,7 +295,7 @@ see @@ -300,11 +303,11 @@ see @@ -323,7 +326,7 @@ see

        Attributes

        -

        Parameter

        Comments

        asn1_base64

        boolean

        -

        added in community.crypto 2.12.0

        +

        added in community.crypto 2.12.0

        Whether to encode the ASN.1 values in the extensions return value with Base64 or not.

        The documentation claimed for a long time that the values are Base64 encoded, but they never were. For compatibility this option is set to false.

        The default value false is deprecated and will change to true in community.crypto 3.0.0.

        -

        Choices:

        +

        Choices:

        • false

        • true

          • @@ -238,7 +241,7 @@ see

        ciphers

        list / elements=string

        -

        added in community.crypto 2.11.0

        +

        added in community.crypto 2.11.0

        SSL/TLS Ciphers to use for the request.

        When a list is provided, all ciphers are joined in order with :.

        @@ -272,7 +275,7 @@ see

        integer

        Proxy port used when get a certificate.

        -

        Default: 8080

        +

        Default: 8080
        @@ -282,9 +285,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        server_name

        string

        -

        added in community.crypto 1.4.0

        +

        added in community.crypto 1.4.0

        Server name used for SNI (Server Name Indication) when hostname is an IP or is different from server name.

        starttls

        string

        -

        added in community.crypto 1.9.0

        +

        added in community.crypto 1.9.0

        Requests a secure connection for protocols which require clients to initiate encryption.

        Only available for mysql currently.

        -

        Choices:

        +

        Choices:

        • "mysql"

        @@ -315,7 +318,7 @@ see

        integer

        The timeout in seconds

        -

        Default: 10

        +

        Default: 10
        +
        @@ -334,7 +337,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: none

        +

        Support: none

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -343,7 +346,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -390,7 +393,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -402,7 +405,7 @@ see

        string

        @@ -514,13 +517,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/gpg_fingerprint_filter.html b/branch/main/gpg_fingerprint_filter.html index e90f3236..06fba521 100644 --- a/branch/main/gpg_fingerprint_filter.html +++ b/branch/main/gpg_fingerprint_filter.html @@ -2,6 +2,7 @@ +community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key — Community.Crypto Collection documentation @@ -170,6 +171,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

        @@ -202,7 +205,7 @@ see

        Input

        This describes the input of the filter, the value before | community.crypto.gpg_fingerprint.

        -

        Key

        Description

        The certificate retrieved from the port

        -

        Returned: success

        +

        Returned: success
        @@ -410,7 +413,7 @@ see

        boolean

        Boolean indicating if the cert is expired

        -

        Returned: success

        +

        Returned: success
        @@ -418,7 +421,7 @@ see

        list / elements=dictionary

        Extensions applied to the cert

        -

        Returned: success

        +

        Returned: success
        @@ -429,7 +432,7 @@ see asn1_base64=true this will be Base64 encoded, otherwise the raw binary value will be returned.

        Please note that the raw binary value might not survive JSON serialization to the Ansible controller, and also might cause failures when displaying it. See https://github.com/ansible/ansible/issues/80258 for more information.

        Note that depending on the cryptography version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by cryptography. This should usually result in exactly the same value, except if the original extension value was malformed.

        -

        Returned: success

        +

        Returned: success
        @@ -437,7 +440,7 @@ see

        boolean

        Whether the extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -445,7 +448,7 @@ see

        string

        The extension’s name.

        -

        Returned: success

        +

        Returned: success
        @@ -453,7 +456,7 @@ see

        dictionary

        Information about the issuer of the cert

        -

        Returned: success

        +

        Returned: success
        @@ -461,7 +464,7 @@ see

        string

        Expiration date of the cert

        -

        Returned: success

        +

        Returned: success
        @@ -469,7 +472,7 @@ see

        string

        Issue date of the cert

        -

        Returned: success

        +

        Returned: success
        @@ -477,7 +480,7 @@ see

        string

        The serial number of the cert

        -

        Returned: success

        +

        Returned: success
        @@ -485,7 +488,7 @@ see

        string

        The algorithm used to sign the cert

        -

        Returned: success

        +

        Returned: success
        @@ -493,7 +496,7 @@ see

        dictionary

        Information about the subject of the cert (OU, CN, etc)

        -

        Returned: success

        +

        Returned: success
        @@ -501,7 +504,7 @@ see

        string

        The version number of the certificate

        -

        Returned: success

        +

        Returned: success
        +
        @@ -239,7 +242,7 @@ see

        Return Value

        -

        Parameter

        Comments

        +
        @@ -251,7 +254,7 @@ see

        string

        @@ -268,13 +271,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/gpg_fingerprint_lookup.html b/branch/main/gpg_fingerprint_lookup.html index 8f1a91c0..d7abd9ed 100644 --- a/branch/main/gpg_fingerprint_lookup.html +++ b/branch/main/gpg_fingerprint_lookup.html @@ -2,6 +2,7 @@ +community.crypto.gpg_fingerprint lookup – Retrieve a GPG fingerprint from a GPG public or private key file — Community.Crypto Collection documentation @@ -169,6 +170,8 @@

        Note

        This lookup plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this lookup plugin, see Requirements for details.

        @@ -200,7 +203,7 @@ see

        Terms

        -

        Key

        Description

        The fingerprint of the provided public or private GPG key.

        -

        Returned: success

        +

        Returned: success
        +
        @@ -237,7 +240,7 @@ see

        Return Value

        -

        Parameter

        Comments

        +
        @@ -250,7 +253,7 @@ see

        The fingerprints of the provided public or private GPG keys.

        The list has one entry for every path provided.

        -

        Returned: success

        +

        Returned: success

         @@ -267,13 +270,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/index.html b/branch/main/index.html index a462a41c..a13d5eb3 100644 --- a/branch/main/index.html +++ b/branch/main/index.html @@ -2,6 +2,7 @@ +Community.Crypto — Community.Crypto Collection documentation @@ -171,12 +172,13 @@

        • 2.9.10 or newer

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature -

        + +

        Communication

          diff --git a/branch/main/luks_device_module.html b/branch/main/luks_device_module.html index e0a54ea5..9785f08a 100644 --- a/branch/main/luks_device_module.html +++ b/branch/main/luks_device_module.html @@ -2,6 +2,7 @@ + community.crypto.luks_device module – Manage encrypted (LUKS) devices — Community.Crypto Collection documentation @@ -170,6 +171,8 @@

          Note

          This module is part of the community.crypto collection (version 2.16.0).

          +

          It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

          To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

          @@ -203,7 +206,7 @@ see

          Parameters

          -

        Key

        Description

        +
        @@ -213,7 +216,7 @@ see @@ -243,7 +246,7 @@ see @@ -268,7 +271,7 @@ see @@ -311,7 +314,7 @@ see @@ -381,13 +384,13 @@ see @@ -395,14 +398,14 @@ see @@ -410,15 +413,15 @@ see @@ -426,14 +429,14 @@ see @@ -451,7 +454,7 @@ see

        Parameter

        Comments

        cipher

        string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        This option allows the user to define the cipher specification string for the LUKS container.

        Will only be used on container creation.

        @@ -233,9 +236,9 @@ see

        If set to true, allows removing the last key from a container.

        BEWARE that when the last key has been removed from a container, the container can no longer be opened!

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        hash

        string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        This option allows the user to specify the hash function used in LUKS key setup scheme and volume key digest.

        Will only be used on container creation.

        @@ -260,7 +263,7 @@ see

        keysize

        integer

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Sets the key size only if LUKS container does not exist.

        label

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        This option allow the user to create a LUKS2 format container with label support, respectively to identify the container by label on later usages.

        Will only be used on container creation, or when device is not specified.

        @@ -294,7 +297,7 @@ see

        new_passphrase

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Adds additional passphrase to given container on device. Needs keyfile or passphrase option for authorization. LUKS container supports up to 8 keyslots. Parameter value is a string with the new passphrase.

        NOTE that adding additional passphrase is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this passphrase.

        @@ -303,7 +306,7 @@ see

        passphrase

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Used to unlock the container. Either a passphrase or a keyfile is needed for most of the operations. Parameter value is a string with the passphrase.

        pbkdf

        dictionary

        -

        added in community.crypto 1.4.0

        +

        added in community.crypto 1.4.0

        This option allows the user to configure the Password-Based Key Derivation Function (PBKDF) used.

        Will only be used on container creation, and when adding keys to an existing container.

        @@ -323,7 +326,7 @@ see

        The algorithm to use.

        Only available for the LUKS 2 format.

        -

        Choices:

        +

        Choices:

        perf_no_read_workqueue

        boolean

        -

        added in community.crypto 2.3.0

        +

        added in community.crypto 2.3.0

        Allows the user to bypass dm-crypt internal workqueue and process read requests synchronously.

        Will only be used when opening containers.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        perf_no_write_workqueue

        boolean

        -

        added in community.crypto 2.3.0

        +

        added in community.crypto 2.3.0

        Allows the user to bypass dm-crypt internal workqueue and process write requests synchronously.

        Will only be used when opening containers.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        perf_same_cpu_crypt

        boolean

        -

        added in community.crypto 2.3.0

        +

        added in community.crypto 2.3.0

        Allows the user to perform encryption using the same CPU that IO was submitted on.

        The default is to use an unbound workqueue so that encryption work is automatically balanced between available CPUs.

        Will only be used when opening containers.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        perf_submit_from_crypt_cpus

        boolean

        -

        added in community.crypto 2.3.0

        +

        added in community.crypto 2.3.0

        Allows the user to disable offloading writes to a separate thread after encryption.

        There are some situations where offloading block write IO operations from the encryption threads to a single thread degrades performance significantly.

        The default is to offload block write IO operations to the same thread.

        Will only be used when opening containers.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        persistent

        boolean

        -

        added in community.crypto 2.3.0

        +

        added in community.crypto 2.3.0

        Allows the user to store options into container’s metadata persistently and automatically use them next time. Only perf_same_cpu_crypt, perf_submit_from_crypt_cpus, perf_no_read_workqueue, and perf_no_write_workqueue can be stored persistently.

        Will only work with LUKS2 containers.

        Will only be used when opening containers.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        remove_passphrase

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Removes given passphrase from the container on device. Parameter value is a string with the passphrase to remove.

        NOTE that removing passphrases is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a passphrase which no longer exists results in an error.

        @@ -461,7 +464,7 @@ see

        sector_size

        integer

        -

        added in community.crypto 1.5.0

        +

        added in community.crypto 1.5.0

        This option allows the user to specify the sector size (in bytes) used for LUKS2 containers.

        Will only be used on container creation.

        @@ -476,9 +479,9 @@ see absent will remove existing LUKS container if it exists. Requires device or name to be specified.

        opened will unlock the LUKS container. If it does not exist it will be created first. Requires device and either keyfile or passphrase to be specified. Use the name option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.

        closed will lock the LUKS container. However if the container does not exist it will be created. Requires device and either keyfile or passphrase options to be provided. If container does already exist device or name will suffice.

        -

        Choices:

        +

        Choices:

          -

        • "present" ← (default)

          • +

        • "present" ← (default)

        • "absent"

        • "opened"

        • "closed"

          • @@ -488,10 +491,10 @@ see

        type

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        This option allow the user explicit define the format of LUKS container that wants to work with. Options are luks1 or luks2

        -

        Choices:

        +

        Choices:

        • "luks1"

        • "luks2"

          • @@ -501,7 +504,7 @@ see

        uuid

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        With this option user can identify the LUKS container by UUID.

        Will only be used when device and label are not specified.

        @@ -512,7 +515,7 @@ see

        Attributes

        - +
        @@ -523,7 +526,7 @@ see - @@ -531,7 +534,7 @@ see - @@ -644,7 +647,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: none

        +

        Support: none

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
        +
        @@ -656,8 +659,8 @@ see

        string

        @@ -670,13 +673,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssh_cert_module.html b/branch/main/openssh_cert_module.html index 1d8721e0..26952e55 100644 --- a/branch/main/openssh_cert_module.html +++ b/branch/main/openssh_cert_module.html @@ -2,6 +2,7 @@ +community.crypto.openssh_cert module – Generate OpenSSH host or user certificates. — Community.Crypto Collection documentation @@ -170,6 +171,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -200,7 +203,7 @@ see

        Parameters

        -

        Key

        Description

        When state=opened returns (generated or given) name of LUKS container. Returns None if no name is supplied.

        -

        Returned: success

        -

        Sample: "luks-c1da9a58-2fde-4256-9d9f-6ab008b4dd1b"

        +

        Returned: success

        +

        Sample: "luks-c1da9a58-2fde-4256-9d9f-6ab008b4dd1b"
        +
        @@ -225,9 +228,9 @@ see

        Should the certificate be regenerated even if it already exists and is valid.

        Equivalent to regenerate=always.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -250,13 +253,13 @@ see @@ -314,7 +317,7 @@ see @@ -440,7 +443,7 @@ see

        Whether the module should generate a host or a user certificate.

        Required if state is present.

        -

        Choices:

        +

        Choices:

        @@ -506,7 +509,7 @@ see

        Attributes

        -

        Parameter

        Comments

        ignore_timestamps

        boolean

        -

        added in community.crypto 2.2.0

        +

        added in community.crypto 2.2.0

        Whether the valid_from and valid_to timestamps should be ignored for idempotency checks.

        However, the values will still be applied to a new certificate if it meets any other necessary conditions for generation/regeneration.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        pkcs11_provider

        string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        To use a signing key that resides on a PKCS#11 token, set this to the name (or full path) of the shared library to use with the token. Usually libpkcs11.so.

        If this is set, signing_key needs to point to a file containing the public key of the CA.

        @@ -338,18 +341,18 @@ see

        regenerate

        string

        -

        added in community.crypto 1.8.0

        +

        added in community.crypto 1.8.0

        When never the task will fail if a certificate already exists at path and is unreadable otherwise a new certificate will only be generated if there is no existing certificate.

        When fail the task will fail if a certificate already exists at path and does not match the module’s options.

        When partial_idempotence an existing certificate will be regenerated based on serial_number, signature_algorithm, type, valid_from, valid_to, valid_at, and principals. valid_from and valid_to can be excluded by ignore_timestamps=true.

        When full_idempotence identifier, options, public_key, and signing_key are also considered when compared against an existing certificate.

        always is equivalent to force=true.

        -

        Choices:

        +

        Choices:

        • "never"

        • "fail"

          • -

        • "partial_idempotence" ← (default)

          • +

        • "partial_idempotence" ← (default)

        • "full_idempotence"

        • "always"

        @@ -399,13 +402,13 @@ see

        signature_algorithm

        string

        -

        added in community.crypto 1.10.0

        +

        added in community.crypto 1.10.0

        As of OpenSSH 8.2 the SHA-1 signature algorithm for RSA keys has been disabled and ssh will refuse host certificates signed with the SHA-1 algorithm. OpenSSH 8.1 made rsa-sha2-512 the default algorithm when acting as a CA and signing certificates with a RSA key. However, for OpenSSH versions less than 8.1 the SHA-2 signature algorithms, rsa-sha2-256 or rsa-sha2-512, must be specified using this option if compatibility with newer ssh clients is required. Conversely if hosts using OpenSSH version 8.2 or greater must remain compatible with ssh clients using OpenSSH less than 7.2, then ssh-rsa can be used when generating host certificates (a corresponding change to the sshd_config to add ssh-rsa to the CASignatureAlgorithms keyword is also required).

        Using any value for this option with a non-RSA signing_key will cause this module to fail.

        Note: OpenSSH versions prior to 7.2 do not support SHA-2 signature algorithms for RSA keys and OpenSSH versions prior to 7.3 do not support SHA-2 signature algorithms for certificates.

        See https://www.openssh.com/txt/release-8.2 for more information.

        -

        Choices:

        +

        Choices:

        • "ssh-rsa"

        • "rsa-sha2-256"

          • @@ -427,9 +430,9 @@ see

          string

        Whether the host or user certificate should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

          -

        • "present" ← (default)

          • +

        • "present" ← (default)

        • "absent"

        use_agent

        boolean

        -

        added in community.crypto 1.3.0

        +

        added in community.crypto 1.3.0

        Should the ssh-keygen use a CA key residing in a ssh-agent.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        +
        @@ -517,7 +520,7 @@ see - @@ -525,7 +528,7 @@ see - @@ -533,7 +536,7 @@ see - @@ -613,7 +616,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -625,8 +628,8 @@ see

        string

        @@ -656,13 +659,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssh_keypair_module.html b/branch/main/openssh_keypair_module.html index 2781d647..c8a73091 100644 --- a/branch/main/openssh_keypair_module.html +++ b/branch/main/openssh_keypair_module.html @@ -2,6 +2,7 @@ +community.crypto.openssh_keypair module – Generate OpenSSH private and public keys — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -204,7 +207,7 @@ see

        Parameters

        -

        Key

        Description

        path to the certificate

        -

        Returned: changed or success

        -

        Sample: "/tmp/certificate-cert.pub"

        +

        Returned: changed or success

        +

        Sample: "/tmp/certificate-cert.pub"
        @@ -634,7 +637,7 @@ see

        list / elements=string

        Information about the certificate. Output of ssh-keygen -L -f.

        -

        Returned: change or success

        +

        Returned: change or success
        @@ -642,8 +645,8 @@ see

        string

        type of the certificate (host or user)

        -

        Returned: changed or success

        -

        Sample: "host"

        +

        Returned: changed or success

        +

        Sample: "host"
        +
        @@ -226,13 +229,13 @@ see @@ -290,7 +293,7 @@ see @@ -404,9 +407,9 @@ see

        string

        @@ -434,7 +437,7 @@ see

        Attributes

        -

        Parameter

        Comments

        backend

        string

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        Selects between the cryptography library or the OpenSSH binary opensshbin.

        auto will default to opensshbin unless the OpenSSH binary is not installed or when using passphrase.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        • "opensshbin"

        @@ -250,9 +253,9 @@ see

        boolean

        Should the key be regenerated even if it already exists

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        passphrase

        string

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        Passphrase used to decrypt an existing private key or encrypt a newly generated private key.

        Passphrases are not supported for type=rsa1.

        @@ -307,16 +310,16 @@ see

        private_key_format

        string

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        Used when backend=cryptography to select a format for the private key at the provided path.

        When set to auto this module will match the key format of the installed OpenSSH version.

        For OpenSSH < 7.8 private keys will be in PKCS1 format except ed25519 keys which will be in OpenSSH format.

        For OpenSSH >= 7.8 all private key types will be in the OpenSSH format.

        Using this option when regenerate=partial_idempotence or regenerate=full_idempotence will cause a new keypair to be generated if the private key’s format does not match the value of private_key_format. This module will not however convert existing private keys between formats.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "pkcs1"

        • "pkcs8"

        • "ssh"

          • @@ -326,7 +329,7 @@ see

        regenerate

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Allows to configure in which situations the module is allowed to regenerate private keys. The module will always generate a new key if the destination file does not exist.

        By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

        @@ -336,11 +339,11 @@ see full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

        If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

        Note that adjusting the comment and the permissions can be changed without regeneration. Therefore, even for never, the task can result in changed.

        -

        Choices:

        +

        Choices:

        • "never"

        • "fail"

          • -

        • "partial_idempotence" ← (default)

          • +

        • "partial_idempotence" ← (default)

        • "full_idempotence"

        • "always"

        @@ -392,9 +395,9 @@ see

        string

        Whether the private and public keys should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

          -

        • "present" ← (default)

          • +

        • "present" ← (default)

        • "absent"

        The algorithm used to generate the SSH private key. rsa1 is for protocol version 1. rsa1 is deprecated and may not be supported by every version of ssh-keygen.

        -

        Choices:

        +

        Choices:

        +
        @@ -445,7 +448,7 @@ see - @@ -453,7 +456,7 @@ see - @@ -461,7 +464,7 @@ see - @@ -510,7 +513,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -522,8 +525,8 @@ see

        string

        @@ -581,13 +584,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_certificate_info_module.html b/branch/main/openssl_certificate_info_module.html index c5b7357b..5317cc80 100644 --- a/branch/main/openssl_certificate_info_module.html +++ b/branch/main/openssl_certificate_info_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_certificate_info — Community.Crypto Collection documentation diff --git a/branch/main/openssl_certificate_module.html b/branch/main/openssl_certificate_module.html index eba3945d..c6af650e 100644 --- a/branch/main/openssl_certificate_module.html +++ b/branch/main/openssl_certificate_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_certificate — Community.Crypto Collection documentation diff --git a/branch/main/openssl_csr_info_filter.html b/branch/main/openssl_csr_info_filter.html index 6adf4b15..b3a9bdad 100644 --- a/branch/main/openssl_csr_info_filter.html +++ b/branch/main/openssl_csr_info_filter.html @@ -2,6 +2,7 @@ +community.crypto.openssl_csr_info filter – Retrieve information from OpenSSL Certificate Signing Requests (CSR) — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Input

        This describes the input of the filter, the value before | community.crypto.openssl_csr_info.

        -

        Key

        Description

        The comment of the generated key.

        -

        Returned: changed or success

        -

        Sample: "test@comment"

        +

        Returned: changed or success

        +

        Sample: "test@comment"
        @@ -531,8 +534,8 @@ see

        string

        Path to the generated SSH private key file.

        -

        Returned: changed or success

        -

        Sample: "/tmp/id_ssh_rsa"

        +

        Returned: changed or success

        +

        Sample: "/tmp/id_ssh_rsa"
        @@ -540,8 +543,8 @@ see

        string

        The fingerprint of the key.

        -

        Returned: changed or success

        -

        Sample: "SHA256:r4YCZxihVjedH2OlfjVGI6Y5xAYtdCwk8VxKyzVyYfM"

        +

        Returned: changed or success

        +

        Sample: "SHA256:r4YCZxihVjedH2OlfjVGI6Y5xAYtdCwk8VxKyzVyYfM"
        @@ -549,8 +552,8 @@ see

        string

        The public key of the generated SSH private key.

        -

        Returned: changed or success

        -

        Sample: "ssh-rsa AAAAB3Nza(...omitted...)veL4E3Xcw=="

        +

        Returned: changed or success

        +

        Sample: "ssh-rsa AAAAB3Nza(...omitted...)veL4E3Xcw=="
        @@ -558,8 +561,8 @@ see

        integer

        Size (in bits) of the SSH private key.

        -

        Returned: changed or success

        -

        Sample: 4096

        +

        Returned: changed or success

        +

        Sample: 4096
        @@ -567,8 +570,8 @@ see

        string

        Algorithm used to generate the SSH private key.

        -

        Returned: changed or success

        -

        Sample: "rsa"

        +

        Returned: changed or success

        +

        Sample: "rsa"
        +
        @@ -226,7 +229,7 @@ see Keyword parameters

        This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | community.crypto.openssl_csr_info(key1=value1, key2=value2, ...)

        -

        Parameter

        Comments
        +
        @@ -242,9 +245,9 @@ example: inputidna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -279,7 +282,7 @@ example: input

        Return Value

        -

        Parameter

        Comments

        +
        @@ -291,7 +294,7 @@ example: input

        dictionary

         @@ -642,13 +645,14 @@ example: input + + diff --git a/branch/main/openssl_csr_info_module.html b/branch/main/openssl_csr_info_module.html index c858590f..a7928790 100644 --- a/branch/main/openssl_csr_info_module.html +++ b/branch/main/openssl_csr_info_module.html @@ -2,6 +2,7 @@ + community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR) — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Parameters

        -

        Key

        Description

        Information on the certificate.

        -

        Returned: success

        +

        Returned: success
        @@ -301,8 +304,8 @@ example: input

        The CSR’s authority cert issuer as a list of general names.

        Is none if the AuthorityKeyIdentifier extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]
        @@ -311,8 +314,8 @@ example: input

        The CSR’s authority cert serial number.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: 12345

        +

        Returned: success

        +

        Sample: 12345
        @@ -322,8 +325,8 @@ example: input

        The CSR’s authority key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -331,8 +334,8 @@ example: input

        list / elements=string

        Entries in the basic_constraints extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["CA:TRUE", "pathlen:1"]

        +

        Returned: success

        +

        Sample: ["CA:TRUE", "pathlen:1"]
        @@ -340,7 +343,7 @@ example: input

        boolean

        Whether the basic_constraints extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -348,8 +351,8 @@ example: input

        list / elements=string

        Entries in the extended_key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]

        +

        Returned: success

        +

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]
        @@ -357,7 +360,7 @@ example: input

        boolean

        Whether the extended_key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -365,8 +368,8 @@ example: input

        dictionary

        Returns a dictionary for every extension OID

        -

        Returned: success

        -

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}

        +

        Returned: success

        +

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}
        @@ -374,7 +377,7 @@ example: input

        boolean

        Whether the extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -383,8 +386,8 @@ example: input

        The Base64 encoded value (in DER format) of the extension.

        Note that depending on the cryptography version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by cryptography. This should usually result in exactly the same value, except if the original extension value was malformed.

        -

        Returned: success

        -

        Sample: "MAMCAQU="

        +

        Returned: success

        +

        Sample: "MAMCAQU="
        @@ -392,8 +395,8 @@ example: input

        string

        Entries in the key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: "['Key Agreement', 'Data Encipherment']"

        +

        Returned: success

        +

        Sample: "['Key Agreement', 'Data Encipherment']"
        @@ -401,7 +404,7 @@ example: input

        boolean

        Whether the key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -410,7 +413,7 @@ example: input

        Whether the name_constraints extension is critical.

        Is none if extension is not present.

        -

        Returned: success

        +

        Returned: success
        @@ -420,8 +423,8 @@ example: input

        List of excluded subtrees the CA cannot sign certificates for.

        Is none if extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["email:.com"]

        +

        Returned: success

        +

        Sample: ["email:.com"]
        @@ -429,8 +432,8 @@ example: input

        list / elements=string

        List of permitted subtrees to sign certificates for.

        -

        Returned: success

        -

        Sample: ["email:.somedomain.com"]

        +

        Returned: success

        +

        Sample: ["email:.somedomain.com"]
        @@ -438,7 +441,7 @@ example: input

        boolean

        true if the OCSP Must Staple extension is present, none otherwise.

        -

        Returned: success

        +

        Returned: success
        @@ -446,7 +449,7 @@ example: input

        boolean

        Whether the ocsp_must_staple extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -454,8 +457,8 @@ example: input

        string

        CSR’s public key in PEM format

        -

        Returned: success

        -

        Sample: "-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        +

        Returned: success

        +

        Sample: "-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."
        @@ -463,7 +466,7 @@ example: input

        dictionary

        Public key data. Depends on the public key’s type.

        -

        Returned: success

        +

        Returned: success
        @@ -471,7 +474,7 @@ example: input

        string

        The curve’s name for ECC.

        -

        Returned: When _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=ECC
        @@ -479,7 +482,7 @@ example: input

        integer

        The RSA key’s public exponent.

        -

        Returned: When _value.public_key_type=RSA

        +

        Returned: When _value.public_key_type=RSA
        @@ -487,7 +490,7 @@ example: input

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=ECC
        @@ -496,7 +499,7 @@ example: input

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=DSA
        @@ -504,7 +507,7 @@ example: input

        integer

        The RSA key’s modulus.

        -

        Returned: When _value.public_key_type=RSA

        +

        Returned: When _value.public_key_type=RSA
        @@ -513,7 +516,7 @@ example: input

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=DSA
        @@ -522,7 +525,7 @@ example: input

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=DSA
        @@ -530,7 +533,7 @@ example: input

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When _value.public_key_type=RSA or _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=RSA or _value.public_key_type=DSA
        @@ -538,7 +541,7 @@ example: input

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=ECC
        @@ -547,7 +550,7 @@ example: input

        For _value.public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For _value.public_key_type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

        -

        Returned: When _value.public_key_type=DSA or _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=DSA or _value.public_key_type=ECC
        @@ -556,8 +559,8 @@ example: input

        Fingerprints of CSR’s public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -567,8 +570,8 @@ example: input

        The CSR’s public key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        @@ -577,7 +580,7 @@ example: input

        Whether the CSR’s signature is valid.

        In case the check returns false, the module will fail.

        -

        Returned: success

        +

        Returned: success
        @@ -586,8 +589,8 @@ example: input

        The CSR’s subject as a dictionary.

        Note that for repeated values, only the last one will be returned.

        -

        Returned: success

        -

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}

        +

        Returned: success

        +

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}
        @@ -596,8 +599,8 @@ example: input

        Entries in the subject_alt_name extension, or none if extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]
        @@ -605,7 +608,7 @@ example: input

        boolean

        Whether the subject_alt_name extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -615,8 +618,8 @@ example: input

        The CSR’s subject key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the SubjectKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -624,8 +627,8 @@ example: input

        list / elements=list

        The CSR’s subject as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]

        +

        Returned: success

        +

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]
        +
        @@ -215,7 +218,7 @@ see @@ -265,7 +268,7 @@ see

        Attributes

        -

        Parameter

        Comments

        content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the CSR file.

        Either path or content must be specified, but not both.

        @@ -230,9 +233,9 @@ see idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -253,9 +256,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        +
        @@ -276,7 +279,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -285,7 +288,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -330,7 +333,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -344,8 +347,8 @@ see

        The CSR’s authority cert issuer as a list of general names.

        Is none if the AuthorityKeyIdentifier extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        @@ -687,13 +690,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_csr_module.html b/branch/main/openssl_csr_module.html index 435ab3bd..a37ef771 100644 --- a/branch/main/openssl_csr_module.html +++ b/branch/main/openssl_csr_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_csr module – Generate OpenSSL Certificate Signing Request (CSR) — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -206,7 +209,7 @@ see

        Parameters

        -

        Key

        Description
        @@ -354,8 +357,8 @@ see

        The CSR’s authority cert serial number.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: 12345

        +

        Returned: success

        +

        Sample: 12345
        @@ -365,8 +368,8 @@ see

        The CSR’s authority key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -374,8 +377,8 @@ see

        list / elements=string

        Entries in the basic_constraints extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["CA:TRUE", "pathlen:1"]

        +

        Returned: success

        +

        Sample: ["CA:TRUE", "pathlen:1"]
        @@ -383,7 +386,7 @@ see

        boolean

        Whether the basic_constraints extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -391,8 +394,8 @@ see

        list / elements=string

        Entries in the extended_key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]

        +

        Returned: success

        +

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]
        @@ -400,7 +403,7 @@ see

        boolean

        Whether the extended_key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -408,8 +411,8 @@ see

        dictionary

        Returns a dictionary for every extension OID

        -

        Returned: success

        -

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}

        +

        Returned: success

        +

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}
        @@ -417,7 +420,7 @@ see

        boolean

        Whether the extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -426,8 +429,8 @@ see

        The Base64 encoded value (in DER format) of the extension.

        Note that depending on the cryptography version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by cryptography. This should usually result in exactly the same value, except if the original extension value was malformed.

        -

        Returned: success

        -

        Sample: "MAMCAQU="

        +

        Returned: success

        +

        Sample: "MAMCAQU="
        @@ -435,8 +438,8 @@ see

        string

        Entries in the key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: "['Key Agreement', 'Data Encipherment']"

        +

        Returned: success

        +

        Sample: "['Key Agreement', 'Data Encipherment']"
        @@ -444,39 +447,39 @@ see

        boolean

        Whether the key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success

        name_constraints_critical

        boolean

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        Whether the name_constraints extension is critical.

        Is none if extension is not present.

        -

        Returned: success

        +

        Returned: success

        name_constraints_excluded

        list / elements=string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        List of excluded subtrees the CA cannot sign certificates for.

        Is none if extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["email:.com"]

        +

        Returned: success

        +

        Sample: ["email:.com"]

        name_constraints_permitted

        list / elements=string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        List of permitted subtrees to sign certificates for.

        -

        Returned: success

        -

        Sample: ["email:.somedomain.com"]

        +

        Returned: success

        +

        Sample: ["email:.somedomain.com"]
        @@ -484,7 +487,7 @@ see

        boolean

        true if the OCSP Must Staple extension is present, none otherwise.

        -

        Returned: success

        +

        Returned: success
        @@ -492,7 +495,7 @@ see

        boolean

        Whether the ocsp_must_staple extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -500,17 +503,17 @@ see

        string

        CSR’s public key in PEM format

        -

        Returned: success

        -

        Sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        +

        Returned: success

        +

        Sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        public_key_data

        dictionary

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        Public key data. Depends on the public key’s type.

        -

        Returned: success

        +

        Returned: success
        @@ -518,7 +521,7 @@ see

        string

        The curve’s name for ECC.

        -

        Returned: When public_key_type=ECC

        +

        Returned: When public_key_type=ECC
        @@ -526,7 +529,7 @@ see

        integer

        The RSA key’s public exponent.

        -

        Returned: When public_key_type=RSA

        +

        Returned: When public_key_type=RSA
        @@ -534,7 +537,7 @@ see

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When public_key_type=ECC

        +

        Returned: When public_key_type=ECC
        @@ -543,7 +546,7 @@ see

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When public_key_type=DSA

        +

        Returned: When public_key_type=DSA
        @@ -551,7 +554,7 @@ see

        integer

        The RSA key’s modulus.

        -

        Returned: When public_key_type=RSA

        +

        Returned: When public_key_type=RSA
        @@ -560,7 +563,7 @@ see

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When public_key_type=DSA

        +

        Returned: When public_key_type=DSA
        @@ -569,7 +572,7 @@ see

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When public_key_type=DSA

        +

        Returned: When public_key_type=DSA
        @@ -577,7 +580,7 @@ see

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When public_key_type=RSA or public_key_type=DSA

        +

        Returned: When public_key_type=RSA or public_key_type=DSA
        @@ -585,7 +588,7 @@ see

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When public_key_type=ECC

        +

        Returned: When public_key_type=ECC
        @@ -594,7 +597,7 @@ see

        For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

        -

        Returned: When public_key_type=DSA or public_key_type=ECC

        +

        Returned: When public_key_type=DSA or public_key_type=ECC
        @@ -603,20 +606,20 @@ see

        Fingerprints of CSR’s public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        public_key_type

        string

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        The CSR’s public key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        @@ -625,7 +628,7 @@ see

        Whether the CSR’s signature is valid.

        In case the check returns false, the module will fail.

        -

        Returned: success

        +

        Returned: success
        @@ -634,8 +637,8 @@ see

        The CSR’s subject as a dictionary.

        Note that for repeated values, only the last one will be returned.

        -

        Returned: success

        -

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}

        +

        Returned: success

        +

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}
        @@ -644,8 +647,8 @@ see

        Entries in the subject_alt_name extension, or none if extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]
        @@ -653,7 +656,7 @@ see

        boolean

        Whether the subject_alt_name extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -663,8 +666,8 @@ see

        The CSR’s subject key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the SubjectKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -672,8 +675,8 @@ see

        list / elements=list

        The CSR’s subject as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]

        +

        Returned: success

        +

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]
        +
        @@ -265,9 +268,9 @@ see

        boolean

        @@ -288,9 +291,9 @@ see boolean

         @@ -322,9 +325,9 @@ see

        Create the Subject Key Identifier from the public key.

        Please note that commercial CAs can ignore the value, respectively use a value of their own choice instead. Specifying this option is mostly useful for self-signed certificates or for own CAs.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -332,7 +335,7 @@ see         @@ -430,9 +433,9 @@ see

        boolean

        @@ -461,9 +464,9 @@ see boolean

         @@ -494,12 +497,12 @@ see @@ -507,7 +510,7 @@ see @@ -544,9 +547,9 @@ see

        Should the OCSP Must Staple extension be considered as critical.

        Note that according to the RFC, this extension should not be marked as critical, as old clients not knowing about OCSP Must Staple are required to reject such certificates (see https://tools.ietf.org/html/rfc7633#section-4).

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -590,7 +593,7 @@ see @@ -632,9 +635,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -678,10 +681,10 @@ see

        string

        @@ -724,9 +727,9 @@ see boolean

         @@ -745,7 +748,7 @@ see @@ -774,10 +777,10 @@ see boolean

         @@ -788,9 +791,9 @@ see

        The version of the certificate signing request.

        The only allowed value according to RFC 2986 is 1.

        This option no longer accepts unsupported values since community.crypto 2.0.0.

        -

        Choices:

        +

        Choices:

          -

        • 1 ← (default)

          • +

        • 1 ← (default)

        @@ -799,7 +802,7 @@ see

        Attributes

        -

        Parameter

        Comments

        Create a backup file including a timestamp so you can get the original CSR back if you overwrote it with a new one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the basicConstraints extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        crl_distribution_points

        list / elements=dictionary

        -

        added in community.crypto 1.4.0

        +

        added in community.crypto 1.4.0

        Allows to specify one or multiple CRL distribution points.

        Only supported by the cryptography backend.

        @@ -359,7 +362,7 @@ see

        list / elements=string

        List of reasons that this distribution point can be used for when performing revocation checks.

        -

        Choices:

        +

        Choices:

        • "key_compromise"

        • "ca_compromise"

          • @@ -387,7 +390,7 @@ see

          string

        The digest used when signing the certificate signing request with the private key.

        -

        Default: "sha256"

        +

        Default: "sha256"
        @@ -418,9 +421,9 @@ see boolean

        Should the extkeyUsage extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the certificate signing request be forced regenerated by this ansible module.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the keyUsage extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        name_constraints_critical

        boolean

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        Should the Name Constraints extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        name_constraints_excluded

        list / elements=string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is not allowed to issue certificates for.

        Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

        @@ -516,7 +519,7 @@ see

        name_constraints_permitted

        list / elements=string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is allowed to issue certificates for.

        Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

        @@ -529,9 +532,9 @@ see boolean

        Indicates that the certificate should contain the OCSP Must Staple extension (https://tools.ietf.org/html/rfc7633).

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        privatekey_content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The content of the private key to use when signing the certificate signing request.

        Either privatekey_path or privatekey_content must be specified if state is present, but not both.

        @@ -615,12 +618,12 @@ see

        return_content

        boolean

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        If set to true, will return the (current or generated) CSR’s content as csr.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Whether the certificate signing request should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)

        Should the subjectAltName extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        subject_ordered

        list / elements=dictionary

        -

        added in community.crypto 2.0.0

        +

        added in community.crypto 2.0.0

        A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the subject name field of the certificate signing request.

        If you want to specify more than one value with the same key in a row, you can use a list as value.

        @@ -760,9 +763,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        If set to true, the module will fill the common name in for subject_alt_name with DNS: prefix if no SAN is specified.

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)
        +
        @@ -810,7 +813,7 @@ see - @@ -818,7 +821,7 @@ see - @@ -826,7 +829,7 @@ see - @@ -969,7 +972,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -981,8 +984,8 @@ see

        string

        @@ -1098,13 +1101,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_csr_pipe_module.html b/branch/main/openssl_csr_pipe_module.html index 27532fa9..d15686ab 100644 --- a/branch/main/openssl_csr_pipe_module.html +++ b/branch/main/openssl_csr_pipe_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_csr_pipe module – Generate OpenSSL Certificate Signing Request (CSR) — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -207,7 +210,7 @@ see

        Parameters

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/www.ansible.com.csr.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/www.ansible.com.csr.2019-03-09@11:22~"
        @@ -990,17 +993,17 @@ see

        list / elements=string

        Indicates if the certificate belongs to a CA

        -

        Returned: changed or success

        -

        Sample: ["CA:TRUE", "pathLenConstraint:0"]

        +

        Returned: changed or success

        +

        Sample: ["CA:TRUE", "pathLenConstraint:0"]

        csr

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The (current or generated) CSR’s content.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        @@ -1008,8 +1011,8 @@ see

        list / elements=string

        Additional restriction on the public key purposes

        -

        Returned: changed or success

        -

        Sample: ["clientAuth"]

        +

        Returned: changed or success

        +

        Sample: ["clientAuth"]
        @@ -1017,8 +1020,8 @@ see

        string

        Path to the generated Certificate Signing Request

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/csr/www.ansible.com.csr"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/csr/www.ansible.com.csr"
        @@ -1026,28 +1029,28 @@ see

        list / elements=string

        Purpose for which the public key may be used

        -

        Returned: changed or success

        -

        Sample: ["digitalSignature", "keyAgreement"]

        +

        Returned: changed or success

        +

        Sample: ["digitalSignature", "keyAgreement"]

        name_constraints_excluded

        list / elements=string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        List of excluded subtrees the CA cannot sign certificates for.

        -

        Returned: changed or success

        -

        Sample: ["email:.com"]

        +

        Returned: changed or success

        +

        Sample: ["email:.com"]

        name_constraints_permitted

        list / elements=string

        -

        added in community.crypto 1.1.0

        +

        added in community.crypto 1.1.0

        List of permitted subtrees to sign certificates for.

        -

        Returned: changed or success

        -

        Sample: ["email:.somedomain.com"]

        +

        Returned: changed or success

        +

        Sample: ["email:.somedomain.com"]
        @@ -1055,8 +1058,8 @@ see

        boolean

        Indicates whether the certificate has the OCSP Must Staple feature enabled

        -

        Returned: changed or success

        -

        Sample: false

        +

        Returned: changed or success

        +

        Sample: false
        @@ -1065,8 +1068,8 @@ see

        Path to the TLS/SSL private key the CSR was generated for

        Will be none if the private key has been provided in privatekey_content.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/private/ansible.com.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/private/ansible.com.pem"
        @@ -1074,8 +1077,8 @@ see

        list / elements=list

        A list of the subject tuples attached to the CSR

        -

        Returned: changed or success

        -

        Sample: [["CN", "www.ansible.com"], ["O", "Ansible"]]

        +

        Returned: changed or success

        +

        Sample: [["CN", "www.ansible.com"], ["O", "Ansible"]]
        @@ -1083,8 +1086,8 @@ see

        list / elements=string

        The alternative names this CSR is valid for

        -

        Returned: changed or success

        -

        Sample: ["DNS:www.ansible.com", "DNS:m.ansible.com"]

        +

        Returned: changed or success

        +

        Sample: ["DNS:www.ansible.com", "DNS:m.ansible.com"]
        +
        @@ -265,9 +268,9 @@ see boolean

         @@ -306,9 +309,9 @@ see

        Create the Subject Key Identifier from the public key.

        Please note that commercial CAs can ignore the value, respectively use a value of their own choice instead. Specifying this option is mostly useful for self-signed certificates or for own CAs.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -316,7 +319,7 @@ see         @@ -425,9 +428,9 @@ see boolean

         @@ -447,9 +450,9 @@ see

        boolean

        @@ -477,9 +480,9 @@ see boolean

         @@ -492,9 +495,9 @@ see

        Should the OCSP Must Staple extension be considered as critical.

        Note that according to the RFC, this extension should not be marked as critical, as old clients not knowing about OCSP Must Staple are required to reject such certificates (see https://tools.ietf.org/html/rfc7633#section-4).

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -550,9 +553,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -596,9 +599,9 @@ see boolean

         @@ -617,7 +620,7 @@ see @@ -645,9 +648,9 @@ see

        The version of the certificate signing request.

        The only allowed value according to RFC 2986 is 1.

        This option no longer accepts unsupported values since community.crypto 2.0.0.

        -

        Choices:

        +

        Choices:

          -

        • 1 ← (default)

          • +

        • 1 ← (default)

        @@ -656,7 +659,7 @@ see

        Attributes

        -

        Parameter

        Comments

        Should the basicConstraints extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        crl_distribution_points

        list / elements=dictionary

        -

        added in community.crypto 1.4.0

        +

        added in community.crypto 1.4.0

        Allows to specify one or multiple CRL distribution points.

        Only supported by the cryptography backend.

        @@ -343,7 +346,7 @@ see

        list / elements=string

        List of reasons that this distribution point can be used for when performing revocation checks.

        -

        Choices:

        +

        Choices:

        • "key_compromise"

        • "ca_compromise"

          • @@ -371,7 +374,7 @@ see

          string

        The digest used when signing the certificate signing request with the private key.

        -

        Default: "sha256"

        +

        Default: "sha256"
        @@ -402,9 +405,9 @@ see boolean

        Should the extkeyUsage extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the keyUsage extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the Name Constraints extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Indicates that the certificate should contain the OCSP Must Staple extension (https://tools.ietf.org/html/rfc7633).

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the subjectAltName extension be considered as critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        subject_ordered

        list / elements=dictionary

        -

        added in community.crypto 2.0.0

        +

        added in community.crypto 2.0.0

        A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the subject name field of the certificate signing request.

        If you want to specify more than one value with the same key in a row, you can use a list as value.

        @@ -631,10 +634,10 @@ see boolean

        If set to true, the module will fill the common name in for subject_alt_name with DNS: prefix if no SAN is specified.

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)
        +
        @@ -667,7 +670,7 @@ see - @@ -675,7 +678,7 @@ see - @@ -746,7 +749,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
        +
        @@ -758,8 +761,8 @@ see

        list / elements=string

        @@ -854,13 +857,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_dhparam_module.html b/branch/main/openssl_dhparam_module.html index d636bfce..07221acd 100644 --- a/branch/main/openssl_dhparam_module.html +++ b/branch/main/openssl_dhparam_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_dhparam module – Generate OpenSSL Diffie-Hellman Parameters — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -206,7 +209,7 @@ see

        Parameters

        -

        Key

        Description

        Indicates if the certificate belongs to a CA

        -

        Returned: changed or success

        -

        Sample: ["CA:TRUE", "pathLenConstraint:0"]

        +

        Returned: changed or success

        +

        Sample: ["CA:TRUE", "pathLenConstraint:0"]
        @@ -767,7 +770,7 @@ see

        string

        The (current or generated) CSR’s content.

        -

        Returned: changed or success

        +

        Returned: changed or success
        @@ -775,8 +778,8 @@ see

        list / elements=string

        Additional restriction on the public key purposes

        -

        Returned: changed or success

        -

        Sample: ["clientAuth"]

        +

        Returned: changed or success

        +

        Sample: ["clientAuth"]
        @@ -784,8 +787,8 @@ see

        list / elements=string

        Purpose for which the public key may be used

        -

        Returned: changed or success

        -

        Sample: ["digitalSignature", "keyAgreement"]

        +

        Returned: changed or success

        +

        Sample: ["digitalSignature", "keyAgreement"]
        @@ -793,8 +796,8 @@ see

        list / elements=string

        List of excluded subtrees the CA cannot sign certificates for.

        -

        Returned: changed or success

        -

        Sample: ["email:.com"]

        +

        Returned: changed or success

        +

        Sample: ["email:.com"]
        @@ -802,8 +805,8 @@ see

        list / elements=string

        List of permitted subtrees to sign certificates for.

        -

        Returned: changed or success

        -

        Sample: ["email:.somedomain.com"]

        +

        Returned: changed or success

        +

        Sample: ["email:.somedomain.com"]
        @@ -811,8 +814,8 @@ see

        boolean

        Indicates whether the certificate has the OCSP Must Staple feature enabled

        -

        Returned: changed or success

        -

        Sample: false

        +

        Returned: changed or success

        +

        Sample: false
        @@ -821,8 +824,8 @@ see

        Path to the TLS/SSL private key the CSR was generated for

        Will be none if the private key has been provided in privatekey_content.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/private/ansible.com.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/private/ansible.com.pem"
        @@ -830,8 +833,8 @@ see

        list / elements=list

        A list of the subject tuples attached to the CSR

        -

        Returned: changed or success

        -

        Sample: [["CN", "www.ansible.com"], ["O", "Ansible"]]

        +

        Returned: changed or success

        +

        Sample: [["CN", "www.ansible.com"], ["O", "Ansible"]]
        @@ -839,8 +842,8 @@ see

        list / elements=string

        The alternative names this CSR is valid for

        -

        Returned: changed or success

        -

        Sample: ["DNS:www.ansible.com", "DNS:m.ansible.com"]

        +

        Returned: changed or success

        +

        Sample: ["DNS:www.ansible.com", "DNS:m.ansible.com"]
        +
        @@ -230,9 +233,9 @@ see

        boolean

        @@ -242,9 +245,9 @@ see

        boolean

        @@ -289,12 +292,12 @@ see @@ -302,15 +305,15 @@ see @@ -378,9 +381,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -390,7 +393,7 @@ see

        Attributes

        -

        Parameter

        Comments

        Create a backup file including a timestamp so you can get the original DH params back if you overwrote them with new ones by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the parameters be regenerated even it it already exists.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        return_content

        boolean

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        If set to true, will return the (current or generated) DH parameter’s content as dhparams.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        select_crypto_backend

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

        If set to openssl, will try to use the OpenSSL openssl executable.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        • "openssl"

        @@ -355,7 +358,7 @@ see

        integer

        Size (in bits) of the generated DH-params.

        -

        Default: 4096

        +

        Default: 4096
        @@ -363,10 +366,10 @@ see

        string

        Whether the parameters should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)
        +
        @@ -401,7 +404,7 @@ see - @@ -409,7 +412,7 @@ see - @@ -417,7 +420,7 @@ see - @@ -464,7 +467,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: none

        +

        Support: none

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -476,17 +479,17 @@ see

        string

        @@ -517,13 +520,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_pkcs12_module.html b/branch/main/openssl_pkcs12_module.html index 30908c4c..3547f35f 100644 --- a/branch/main/openssl_pkcs12_module.html +++ b/branch/main/openssl_pkcs12_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_pkcs12 module – Generate OpenSSL PKCS#12 archive — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -203,7 +206,7 @@ see

        Parameters

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/dhparams.pem.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/dhparams.pem.2019-03-09@11:22~"

        dhparams

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The (current or generated) DH params’ content.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        @@ -494,8 +497,8 @@ see

        string

        Path to the generated Diffie-Hellman parameters.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/dhparams.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/dhparams.pem"
        @@ -503,8 +506,8 @@ see

        integer

        Size (in bits) of the Diffie-Hellman parameters.

        -

        Returned: changed or success

        -

        Sample: 4096

        +

        Returned: changed or success

        +

        Sample: 4096
        +
        @@ -215,9 +218,9 @@ see

        string

        @@ -239,9 +242,9 @@ see

        boolean

        @@ -257,15 +260,15 @@ see @@ -275,9 +278,9 @@ see

        boolean

        @@ -344,12 +347,12 @@ see @@ -381,7 +384,7 @@ see @@ -418,15 +421,15 @@ see @@ -493,9 +496,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -505,7 +508,7 @@ see

        Attributes

        -

        Parameter

        Comments

        export or parse a PKCS#12.

        -

        Choices:

        +

        Choices:

          -

        • "export" ← (default)

          • +

        • "export" ← (default)

        • "parse"

        Create a backup file including a timestamp so you can get the original output file back if you overwrote it with a new one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        encryption_level

        string

        -

        added in community.crypto 2.8.0

        +

        added in community.crypto 2.8.0

        Determines the encryption level used.

        auto uses the default of the selected backend. For cryptography, this is what the cryptography library’s specific version considers the best available encryption.

        compatibility2022 uses compatibility settings for older software in 2022. This is only supported by the cryptography backend if cryptography >= 38.0.0 is available.

        Note that this option is not used for idempotency.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "compatibility2022"

        Should the file be regenerated even if it already exists.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        other_certificates_parse_all

        boolean

        -

        added in community.crypto 1.4.0

        +

        added in community.crypto 1.4.0

        If set to true, assumes that the files mentioned in other_certificates can contain more than one certificate per file (or even none per file).

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        privatekey_content

        string

        -

        added in community.crypto 2.3.0

        +

        added in community.crypto 2.3.0

        Content of the private key file.

        Mutually exclusive with privatekey_path.

        @@ -405,12 +408,12 @@ see

        return_content

        boolean

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        If set to true, will return the (current or generated) PKCS#12’s content as pkcs12.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        select_crypto_backend

        string

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available, and falls back to pyopenssl. If iter_size is used together with encryption_level is not compatibility2022, or if maciter_size is used, auto will always result in pyopenssl to be chosen for backwards compatibility.

        If set to pyopenssl, will try to use the pyOpenSSL library.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        • "pyopenssl"

        @@ -478,10 +481,10 @@ see

        string

        Whether the file should exist or not. All parameters except path are ignored when state is absent.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)
        +
        @@ -516,7 +519,7 @@ see - @@ -524,7 +527,7 @@ see - @@ -532,7 +535,7 @@ see - @@ -632,7 +635,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: none

        +

        Support: none

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -644,8 +647,8 @@ see

        string

        @@ -685,13 +688,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_privatekey_convert_module.html b/branch/main/openssl_privatekey_convert_module.html index 89c07fe8..494f4c74 100644 --- a/branch/main/openssl_privatekey_convert_module.html +++ b/branch/main/openssl_privatekey_convert_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_privatekey_convert module – Convert OpenSSL private keys — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -204,7 +207,7 @@ see

        Parameters

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/ansible.com.pem.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/ansible.com.pem.2019-03-09@11:22~"
        @@ -653,17 +656,17 @@ see

        string

        Path to the generate PKCS#12 file.

        -

        Returned: changed or success

        -

        Sample: "/opt/certs/ansible.p12"

        +

        Returned: changed or success

        +

        Sample: "/opt/certs/ansible.p12"

        pkcs12

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The (current or generated) PKCS#12’s content Base64 encoded.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        @@ -671,8 +674,8 @@ see

        string

        Path to the TLS/SSL private key the public key was generated from.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/private/ansible.com.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/private/ansible.com.pem"
        +
        @@ -228,9 +231,9 @@ see

        boolean

        @@ -255,7 +258,7 @@ see

        Determines which format the destination private key should be written in.

        Please note that not every key can be exported in any format, and that not every format supports encryption.

        -

        Choices:

        +

        Choices:

        Parameter

        Comments

        Create a backup file including a timestamp so you can get the original private key back if you overwrote it with a new one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        +
        @@ -381,7 +384,7 @@ see - @@ -389,7 +392,7 @@ see - @@ -397,7 +400,7 @@ see - @@ -433,7 +436,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: none

        +

        Support: none

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -445,8 +448,8 @@ see

        string

        @@ -459,13 +462,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_privatekey_info_filter.html b/branch/main/openssl_privatekey_info_filter.html index 7ba1cf3f..2bc66cc0 100644 --- a/branch/main/openssl_privatekey_info_filter.html +++ b/branch/main/openssl_privatekey_info_filter.html @@ -2,6 +2,7 @@ +community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Input

        This describes the input of the filter, the value before | community.crypto.openssl_privatekey_info.

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/privatekey.pem.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/privatekey.pem.2019-03-09@11:22~"
        +
        @@ -226,7 +229,7 @@ see Keyword parameters

        This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | community.crypto.openssl_privatekey_info(key1=value1, key2=value2, ...)

        -

        Parameter

        Comments
        +
        @@ -242,9 +245,9 @@ example: inputidna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -264,9 +267,9 @@ example: input

        Whether to return private key data.

        Only set this to true when you want private information about this key to be extracted.

        WARNING: you have to make sure that private key data is not accidentally logged!

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -300,7 +303,7 @@ example: input

        Return Value

        -

        Parameter

        Comments

        +
        @@ -312,7 +315,7 @@ example: input

        dictionary

         @@ -459,13 +462,14 @@ example: input + + diff --git a/branch/main/openssl_privatekey_info_module.html b/branch/main/openssl_privatekey_info_module.html index ed78f083..36c6f80d 100644 --- a/branch/main/openssl_privatekey_info_module.html +++ b/branch/main/openssl_privatekey_info_module.html @@ -2,6 +2,7 @@ + community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -204,7 +207,7 @@ see

        Parameters

        -

        Key

        Description

        Information on the certificate.

        -

        Returned: success

        +

        Returned: success
        @@ -320,7 +323,7 @@ example: input

        dictionary

        Private key data. Depends on key type.

        -

        Returned: success and when return_private_key_data is set to true

        +

        Returned: success and when return_private_key_data is set to true
        @@ -328,7 +331,7 @@ example: input

        dictionary

        Public key data. Depends on key type.

        -

        Returned: success

        +

        Returned: success
        @@ -336,7 +339,7 @@ example: input

        string

        The curve’s name for ECC.

        -

        Returned: When _value.type=ECC

        +

        Returned: When _value.type=ECC
        @@ -344,7 +347,7 @@ example: input

        integer

        The RSA key’s public exponent.

        -

        Returned: When _value.type=RSA

        +

        Returned: When _value.type=RSA
        @@ -352,7 +355,7 @@ example: input

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When _value.type=ECC

        +

        Returned: When _value.type=ECC
        @@ -361,7 +364,7 @@ example: input

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.type=DSA

        +

        Returned: When _value.type=DSA
        @@ -369,7 +372,7 @@ example: input

        integer

        The RSA key’s modulus.

        -

        Returned: When _value.type=RSA

        +

        Returned: When _value.type=RSA
        @@ -378,7 +381,7 @@ example: input

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When _value.type=DSA

        +

        Returned: When _value.type=DSA
        @@ -387,7 +390,7 @@ example: input

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.type=DSA

        +

        Returned: When _value.type=DSA
        @@ -395,7 +398,7 @@ example: input

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When _value.type=RSA or _value.type=DSA

        +

        Returned: When _value.type=RSA or _value.type=DSA
        @@ -403,7 +406,7 @@ example: input

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When _value.type=ECC

        +

        Returned: When _value.type=ECC
        @@ -412,7 +415,7 @@ example: input

        For _value.type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For _value.type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

        -

        Returned: When _value.type=DSA or _value.type=ECC

        +

        Returned: When _value.type=DSA or _value.type=ECC
        @@ -420,8 +423,8 @@ example: input

        string

        Private key’s public key in PEM format.

        -

        Returned: success

        -

        Sample: "-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        +

        Returned: success

        +

        Sample: "-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."
        @@ -430,8 +433,8 @@ example: input

        Fingerprints of private key’s public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -441,8 +444,8 @@ example: input

        The key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        +
        @@ -214,14 +217,14 @@ see @@ -229,7 +232,7 @@ see @@ -270,9 +273,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -282,7 +285,7 @@ see

        Attributes

        -

        Parameter

        Comments

        check_consistency

        boolean

        -

        added in community.crypto 2.0.0

        +

        added in community.crypto 2.0.0

        Whether to check consistency of the private key.

        In community.crypto < 2.0.0, consistency was always checked.

        Since community.crypto 2.0.0, the consistency check has been disabled by default to avoid private key material to be transported around and computed with, and only do so when requested explicitly. This can potentially prevent side-channel attacks.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the private key file.

        Either path or content must be specified, but not both.

        @@ -256,9 +259,9 @@ see

        Whether to return private key data.

        Only set this to true when you want private information about this key to leave the remote machine.

        WARNING: you have to make sure that private key data is not accidentally logged!

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        +
        @@ -293,7 +296,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -302,7 +305,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -345,7 +348,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -357,7 +360,7 @@ see

        boolean

        @@ -518,13 +521,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_privatekey_module.html b/branch/main/openssl_privatekey_module.html index b7c1a911..ae7fa4c0 100644 --- a/branch/main/openssl_privatekey_module.html +++ b/branch/main/openssl_privatekey_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_privatekey module – Generate OpenSSL private keys — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -206,7 +209,7 @@ see

        Parameters

        -

        Key

        Description

        Whether the module was able to load the private key from disk.

        -

        Returned: always

        +

        Returned: always
        @@ -365,7 +368,7 @@ see

        boolean

        Whether the module was able to parse the private key.

        -

        Returned: always

        +

        Returned: always
        @@ -374,7 +377,7 @@ see

        Whether the key is consistent. Can also return none next to true and false, to indicate that consistency could not be checked.

        In case the check returns false, the module will fail.

        -

        Returned: when check_consistency=true

        +

        Returned: when check_consistency=true
        @@ -382,7 +385,7 @@ see

        dictionary

        Private key data. Depends on key type.

        -

        Returned: success and when return_private_key_data is set to true

        +

        Returned: success and when return_private_key_data is set to true
        @@ -390,7 +393,7 @@ see

        dictionary

        Public key data. Depends on key type.

        -

        Returned: success

        +

        Returned: success
        @@ -398,7 +401,7 @@ see

        string

        The curve’s name for ECC.

        -

        Returned: When type=ECC

        +

        Returned: When type=ECC
        @@ -406,7 +409,7 @@ see

        integer

        The RSA key’s public exponent.

        -

        Returned: When type=RSA

        +

        Returned: When type=RSA
        @@ -414,7 +417,7 @@ see

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When type=ECC

        +

        Returned: When type=ECC
        @@ -423,7 +426,7 @@ see

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When type=DSA

        +

        Returned: When type=DSA
        @@ -431,7 +434,7 @@ see

        integer

        The RSA key’s modulus.

        -

        Returned: When type=RSA

        +

        Returned: When type=RSA
        @@ -440,7 +443,7 @@ see

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When type=DSA

        +

        Returned: When type=DSA
        @@ -449,7 +452,7 @@ see

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When type=DSA

        +

        Returned: When type=DSA
        @@ -457,7 +460,7 @@ see

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When type=RSA or type=DSA

        +

        Returned: When type=RSA or type=DSA
        @@ -465,7 +468,7 @@ see

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When type=ECC

        +

        Returned: When type=ECC
        @@ -474,7 +477,7 @@ see

        For type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

        -

        Returned: When type=DSA or type=ECC

        +

        Returned: When type=DSA or type=ECC
        @@ -482,8 +485,8 @@ see

        string

        Private key’s public key in PEM format.

        -

        Returned: success

        -

        Sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        +

        Returned: success

        +

        Sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."
        @@ -492,8 +495,8 @@ see

        Fingerprints of private key’s public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -503,8 +506,8 @@ see

        The key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        +
        @@ -230,9 +233,9 @@ see

        boolean

        @@ -252,7 +255,7 @@ see secp384r1 or secp256r1 should be used.

        We use the curve names as defined in the IANA registry for TLS.

        Please note that all curves except secp224r1, secp256k1, secp256r1, secp384r1, and secp521r1 are discouraged for new private keys.

        -

        Choices:

        +

        Choices:

        • "secp224r1"

        • "secp256k1"

          • @@ -281,9 +284,9 @@ see

          boolean

        @@ -291,33 +294,33 @@ see @@ -369,7 +372,7 @@ see @@ -392,14 +395,14 @@ see @@ -411,9 +414,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -457,7 +460,7 @@ see

        integer

        @@ -478,13 +481,13 @@ see

        The algorithm used to generate the TLS/SSL private key.

        Note that ECC, X25519, X448, Ed25519, and Ed448 require the cryptography backend. X25519 needs cryptography 2.5 or newer, while X448, Ed25519, and Ed448 require cryptography 2.6 or newer. For ECC, the minimal cryptography version required depends on the curve option.

        -

        Choices:

        +

        Choices:

        • "DSA"

        • "ECC"

        • "Ed25519"

        • "Ed448"

          • -

        • "RSA" ← (default)

          • +

        • "RSA" ← (default)

        • "X25519"

        • "X448"

        @@ -498,9 +501,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -510,7 +513,7 @@ see

        Attributes

        -

        Parameter

        Comments

        Create a backup file including a timestamp so you can get the original private key back if you overwrote it with a new one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the key be regenerated even if it already exists.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        format

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Determines which format the private key is written in. By default, PKCS1 (traditional OpenSSL format) is used for all keys which support it. Please note that not every key can be exported in any format.

        The value auto selects a format based on the key format. The value auto_ignore does the same, but for existing private key files, it will not force a regenerate when its format is not the automatically selected one for generation.

        Note that if the format for an existing private key mismatches, the key is regenerated by default. To change this behavior, use the format_mismatch option.

        -

        Choices:

        +

        Choices:

        • "pkcs1"

        • "pkcs8"

        • "raw"

        • "auto"

          • -

        • "auto_ignore" ← (default)

          • +

        • "auto_ignore" ← (default)

        format_mismatch

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Determines behavior of the module if the format of a private key does not match the expected format, but all other parameters are as expected.

        If set to regenerate (default), generates a new private key.

        If set to convert, the key will be converted to the new format instead.

        Only supported by the cryptography backend.

        -

        Choices:

        +

        Choices:

          -

        • "regenerate" ← (default)

          • +

        • "regenerate" ← (default)

        • "convert"

        regenerate

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Allows to configure in which situations the module is allowed to regenerate private keys. The module will always generate a new key if the destination file does not exist.

        By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

        @@ -379,12 +382,12 @@ see full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

        If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

        Note that if format_mismatch is set to convert and everything matches except the format, the key will always be converted, except if regenerate is set to always.

        -

        Choices:

        +

        Choices:

        • "never"

        • "fail"

        • "partial_idempotence"

          • -

        • "full_idempotence" ← (default)

          • +

        • "full_idempotence" ← (default)

        • "always"

        return_content

        boolean

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        If set to true, will return the (current or generated) private key’s content as privatekey.

        Note that especially if the private key is not encrypted, you have to make sure that the returned value is treated appropriately and not accidentally written to logs etc.! Use with care!

        Use Ansible’s no_log task option to avoid the output being shown. See also https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Size (in bits) of the TLS/SSL key to generate.

        -

        Default: 4096

        +

        Default: 4096
        @@ -465,10 +468,10 @@ see

        string

        Whether the private key should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)
        +
        @@ -521,7 +524,7 @@ see - @@ -529,7 +532,7 @@ see - @@ -537,7 +540,7 @@ see - @@ -609,7 +612,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -621,8 +624,8 @@ see

        string

        @@ -691,13 +694,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_privatekey_pipe_module.html b/branch/main/openssl_privatekey_pipe_module.html index b8bf72d7..6026a0fa 100644 --- a/branch/main/openssl_privatekey_pipe_module.html +++ b/branch/main/openssl_privatekey_pipe_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -212,7 +215,7 @@ see

        Parameters

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/privatekey.pem.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/privatekey.pem.2019-03-09@11:22~"
        @@ -630,8 +633,8 @@ see

        string

        Elliptic curve used to generate the TLS/SSL private key.

        -

        Returned: changed or success, and type is ECC

        -

        Sample: "secp256r1"

        +

        Returned: changed or success, and type is ECC

        +

        Sample: "secp256r1"
        @@ -639,8 +642,8 @@ see

        string

        Path to the generated TLS/SSL private key file.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/private/ansible.com.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/private/ansible.com.pem"
        @@ -648,18 +651,18 @@ see

        dictionary

        The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available.

        -

        Returned: changed or success

        -

        Sample: {"md5": "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29", "sha1": "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10", "sha224": "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46", "sha256": "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7", "sha384": "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d", "sha512": "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"}

        +

        Returned: changed or success

        +

        Sample: {"md5": "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29", "sha1": "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10", "sha224": "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46", "sha256": "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7", "sha384": "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d", "sha512": "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"}

        privatekey

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The (current or generated) private key’s content.

        Will be Base64-encoded if the key is in raw format.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        @@ -667,8 +670,8 @@ see

        integer

        Size (in bits) of the TLS/SSL private key.

        -

        Returned: changed or success

        -

        Sample: 4096

        +

        Returned: changed or success

        +

        Sample: 4096
        @@ -676,8 +679,8 @@ see

        string

        Algorithm used to generate the TLS/SSL private key.

        -

        Returned: changed or success

        -

        Sample: "RSA"

        +

        Returned: changed or success

        +

        Sample: "RSA"
        +
        @@ -239,9 +242,9 @@ see

        boolean

        @@ -254,7 +257,7 @@ see secp384r1 or secp256r1 should be used.

        We use the curve names as defined in the IANA registry for TLS.

        Please note that all curves except secp224r1, secp256k1, secp256r1, secp384r1, and secp521r1 are discouraged for new private keys.

        -

        Choices:

        +

        Choices:

        @@ -303,9 +306,9 @@ see regenerate (default), generates a new private key.

        If set to convert, the key will be converted to the new format instead.

        Only supported by the cryptography backend.

        -

        Choices:

        +

        Choices:

          -

        • "regenerate" ← (default)

          • +

        • "regenerate" ← (default)

        • "convert"

        @@ -329,12 +332,12 @@ see         full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

        If set to always, the module will always regenerate the key.

        Note that if format_mismatch is set to convert and everything matches except the format, the key will always be converted, except if regenerate is set to always.

        -

        Choices:

        +

        Choices:

        • "never"

        • "fail"

        • "partial_idempotence"

          • -

        • "full_idempotence" ← (default)

          • +

        • "full_idempotence" ← (default)

        • "always"

        @@ -345,9 +348,9 @@ see

        Set to true to return the current private key when the module did not generate a new one.

        Note that in case of check mode, when this option is not set to true, the module always returns the current key (if it was provided) and Ansible will replace it by VALUE_SPECIFIED_IN_NO_LOG_PARAMETER.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -359,9 +362,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -371,7 +374,7 @@ see

        integer

        Parameter

        Comments

        Set to true if the content is base64 encoded.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Size (in bits) of the TLS/SSL key to generate.

        -

        Default: 4096

        +

        Default: 4096
        @@ -380,13 +383,13 @@ see

        The algorithm used to generate the TLS/SSL private key.

        Note that ECC, X25519, X448, Ed25519, and Ed448 require the cryptography backend. X25519 needs cryptography 2.5 or newer, while X448, Ed25519, and Ed448 require cryptography 2.6 or newer. For ECC, the minimal cryptography version required depends on the curve option.

        -

        Choices:

        +

        Choices:

        • "DSA"

        • "ECC"

        • "Ed25519"

        • "Ed448"

          • -

        • "RSA" ← (default)

          • +

        • "RSA" ← (default)

        • "X25519"

        • "X448"

        @@ -397,7 +400,7 @@ see

        Attributes

        - +
        @@ -408,7 +411,7 @@ see - @@ -416,7 +419,7 @@ see - - @@ -433,7 +436,7 @@ see - @@ -503,7 +506,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        action

        Support: full

        +

        Support: full

        Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller.

        async

        Support: none

        +

        Support: none

        This action runs completely on the controller.

        Supports being used with the async keyword.

        @@ -425,7 +428,7 @@ see

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
        +
        @@ -515,8 +518,8 @@ see

        string

        @@ -567,13 +570,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_publickey_info_filter.html b/branch/main/openssl_publickey_info_filter.html index 1896c8ba..62de2a7a 100644 --- a/branch/main/openssl_publickey_info_filter.html +++ b/branch/main/openssl_publickey_info_filter.html @@ -2,6 +2,7 @@ +community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format — Community.Crypto Collection documentation @@ -169,6 +170,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto.

        To use it in a playbook, specify: community.crypto.openssl_publickey_info.

        @@ -192,7 +195,7 @@

        Input

        This describes the input of the filter, the value before | community.crypto.openssl_publickey_info.

        -

        Key

        Description

        Elliptic curve used to generate the TLS/SSL private key.

        -

        Returned: changed or success, and type is ECC

        -

        Sample: "secp256r1"

        +

        Returned: changed or success, and type is ECC

        +

        Sample: "secp256r1"
        @@ -524,8 +527,8 @@ see

        dictionary

        The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available.

        -

        Returned: changed or success

        -

        Sample: {"md5": "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29", "sha1": "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10", "sha224": "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46", "sha256": "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7", "sha384": "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d", "sha512": "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"}

        +

        Returned: changed or success

        +

        Sample: {"md5": "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29", "sha1": "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10", "sha224": "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46", "sha256": "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7", "sha384": "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d", "sha512": "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"}
        @@ -535,7 +538,7 @@ see

        The generated private key’s content.

        Please note that if the result is not changed, the current private key will only be returned if the return_current_key option is set to true.

        Will be Base64-encoded if the key is in raw format.

        -

        Returned: changed, or return_current_key is true

        +

        Returned: changed, or return_current_key is true
        @@ -543,8 +546,8 @@ see

        integer

        Size (in bits) of the TLS/SSL private key.

        -

        Returned: changed or success

        -

        Sample: 4096

        +

        Returned: changed or success

        +

        Sample: 4096
        @@ -552,8 +555,8 @@ see

        string

        Algorithm used to generate the TLS/SSL private key.

        -

        Returned: changed or success

        -

        Sample: "RSA"

        +

        Returned: changed or success

        +

        Sample: "RSA"
        +
        @@ -235,7 +238,7 @@

        Return Value

        -

        Parameter

        Comments
        +
        @@ -247,7 +250,7 @@

        dictionary

        @@ -377,13 +380,14 @@ + + diff --git a/branch/main/openssl_publickey_info_module.html b/branch/main/openssl_publickey_info_module.html index 0933e2ef..967f07ac 100644 --- a/branch/main/openssl_publickey_info_module.html +++ b/branch/main/openssl_publickey_info_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -204,7 +207,7 @@ see

        Parameters

        -

        Key

        Description

        Information on the public key.

        -

        Returned: success

        +

        Returned: success
        @@ -256,8 +259,8 @@

        Fingerprints of public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -265,7 +268,7 @@

        dictionary

        Public key data. Depends on key type.

        -

        Returned: success

        +

        Returned: success
        @@ -273,7 +276,7 @@

        string

        The curve’s name for ECC.

        -

        Returned: When _value.type=ECC

        +

        Returned: When _value.type=ECC
        @@ -281,7 +284,7 @@

        integer

        The RSA key’s public exponent.

        -

        Returned: When _value.type=RSA

        +

        Returned: When _value.type=RSA
        @@ -289,7 +292,7 @@

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When _value.type=ECC

        +

        Returned: When _value.type=ECC
        @@ -298,7 +301,7 @@

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.type=DSA

        +

        Returned: When _value.type=DSA
        @@ -306,7 +309,7 @@

        integer

        The RSA key’s modulus.

        -

        Returned: When _value.type=RSA

        +

        Returned: When _value.type=RSA
        @@ -315,7 +318,7 @@

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When _value.type=DSA

        +

        Returned: When _value.type=DSA
        @@ -324,7 +327,7 @@

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.type=DSA

        +

        Returned: When _value.type=DSA
        @@ -332,7 +335,7 @@

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When _value.type=RSA or _value.type=DSA

        +

        Returned: When _value.type=RSA or _value.type=DSA
        @@ -340,7 +343,7 @@

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When _value.type=ECC

        +

        Returned: When _value.type=ECC
        @@ -349,7 +352,7 @@

        For _value.type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For _value.type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

        -

        Returned: When _value.type=DSA or _value.type=ECC

        +

        Returned: When _value.type=DSA or _value.type=ECC
        @@ -359,8 +362,8 @@

        The key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        +
        @@ -233,9 +236,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -245,7 +248,7 @@ see

        Attributes

        -

        Parameter

        Comments
        +
        @@ -256,7 +259,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -265,7 +268,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -313,7 +316,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -326,8 +329,8 @@ see

        Fingerprints of public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

         @@ -443,13 +446,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_publickey_module.html b/branch/main/openssl_publickey_module.html index ff3ef392..fb870da6 100644 --- a/branch/main/openssl_publickey_module.html +++ b/branch/main/openssl_publickey_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key. — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Parameters

        -

        Key

        Description

        @@ -335,7 +338,7 @@ see

        dictionary

        Public key data. Depends on key type.

        -

        Returned: success

        +

        Returned: success
        @@ -343,7 +346,7 @@ see

        string

        The curve’s name for ECC.

        -

        Returned: When type=ECC

        +

        Returned: When type=ECC
        @@ -351,7 +354,7 @@ see

        integer

        The RSA key’s public exponent.

        -

        Returned: When type=RSA

        +

        Returned: When type=RSA
        @@ -359,7 +362,7 @@ see

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When type=ECC

        +

        Returned: When type=ECC
        @@ -368,7 +371,7 @@ see

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When type=DSA

        +

        Returned: When type=DSA
        @@ -376,7 +379,7 @@ see

        integer

        The RSA key’s modulus.

        -

        Returned: When type=RSA

        +

        Returned: When type=RSA
        @@ -385,7 +388,7 @@ see

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When type=DSA

        +

        Returned: When type=DSA
        @@ -394,7 +397,7 @@ see

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When type=DSA

        +

        Returned: When type=DSA
        @@ -402,7 +405,7 @@ see

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When type=RSA or type=DSA

        +

        Returned: When type=RSA or type=DSA
        @@ -410,7 +413,7 @@ see

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When type=ECC

        +

        Returned: When type=ECC
        @@ -419,7 +422,7 @@ see

        For type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

        -

        Returned: When type=DSA or type=ECC

        +

        Returned: When type=DSA or type=ECC
        @@ -429,8 +432,8 @@ see

        The key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        +
        @@ -229,9 +232,9 @@ see

        boolean

        @@ -241,9 +244,9 @@ see

        boolean

        @@ -253,10 +256,10 @@ see

        string

        @@ -300,7 +303,7 @@ see @@ -341,9 +344,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -387,10 +390,10 @@ see

        string

        @@ -402,9 +405,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -414,7 +417,7 @@ see

        Attributes

        -

        Parameter

        Comments

        Create a backup file including a timestamp so you can get the original public key back if you overwrote it with a different one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Should the key be regenerated even it it already exists.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        The format of the public key.

        -

        Choices:

        +

        Choices:

        • "OpenSSH"

          • -

        • "PEM" ← (default)

          • +

        • "PEM" ← (default)

        privatekey_content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The content of the TLS/SSL private key from which to generate the public key.

        Either privatekey_path or privatekey_content must be specified, but not both. If state is present, one of them is required.

        @@ -324,12 +327,12 @@ see

        return_content

        boolean

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        If set to true, will return the (current or generated) public key’s content as publickey.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Whether the public key should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)
        +
        @@ -425,7 +428,7 @@ see - @@ -433,7 +436,7 @@ see - @@ -441,7 +444,7 @@ see - @@ -513,7 +516,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -525,8 +528,8 @@ see

        string

        @@ -586,13 +589,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_signature_info_module.html b/branch/main/openssl_signature_info_module.html index e48231f4..5fb9ba2f 100644 --- a/branch/main/openssl_signature_info_module.html +++ b/branch/main/openssl_signature_info_module.html @@ -2,6 +2,7 @@ +community.crypto.openssl_signature_info module – Verify signatures with openssl — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -206,7 +209,7 @@ see

        Parameters

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/publickey.pem.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/publickey.pem.2019-03-09@11:22~"
        @@ -534,8 +537,8 @@ see

        string

        Path to the generated TLS/SSL public key file.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/public/ansible.com.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/public/ansible.com.pem"
        @@ -543,8 +546,8 @@ see

        dictionary

        The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available.

        -

        Returned: changed or success

        -

        Sample: {"md5": "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29", "sha1": "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10", "sha224": "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46", "sha256": "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7", "sha384": "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d", "sha512": "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"}

        +

        Returned: changed or success

        +

        Sample: {"md5": "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29", "sha1": "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10", "sha224": "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46", "sha256": "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7", "sha384": "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d", "sha512": "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"}
        @@ -552,8 +555,8 @@ see

        string

        The format of the public key (PEM, OpenSSH, …).

        -

        Returned: changed or success

        -

        Sample: "PEM"

        +

        Returned: changed or success

        +

        Sample: "PEM"
        @@ -562,17 +565,17 @@ see

        Path to the TLS/SSL private key the public key was generated from.

        Will be none if the private key has been provided in privatekey_content.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/private/ansible.com.pem"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/private/ansible.com.pem"

        publickey

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The (current or generated) public key’s content.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        +
        @@ -244,9 +247,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -263,7 +266,7 @@ see

        Attributes

        -

        Parameter

        Comments
        +
        @@ -274,7 +277,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -283,7 +286,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -341,7 +344,7 @@ ed448 and ed25519 keys:

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -353,7 +356,7 @@ ed448 and ed25519 keys:

        boolean

         @@ -367,13 +370,14 @@ ed448 and ed25519 keys:

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/openssl_signature_module.html b/branch/main/openssl_signature_module.html index 171e771e..1d4f988c 100644 --- a/branch/main/openssl_signature_module.html +++ b/branch/main/openssl_signature_module.html @@ -2,6 +2,7 @@ + community.crypto.openssl_signature module – Sign data with openssl — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -206,7 +209,7 @@ see

        Parameters

        -

        Key

        Description

        true means the signature was valid for the given file, false means it was not.

        -

        Returned: success

        +

        Returned: success
        +
        @@ -252,9 +255,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -264,7 +267,7 @@ see

        Attributes

        -

        Parameter

        Comments

        +
        @@ -275,7 +278,7 @@ see - - @@ -341,7 +344,7 @@ ed448 and ed25519 keys:

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -284,7 +287,7 @@ see

        diff_mode

        Support: none

        +

        Support: none

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        +
        @@ -353,7 +356,7 @@ ed448 and ed25519 keys:

        string

         @@ -367,13 +370,14 @@ ed448 and ed25519 keys:

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/searchindex.js b/branch/main/searchindex.js index 567a36af..a014d2bb 100644 --- a/branch/main/searchindex.js +++ b/branch/main/searchindex.js @@ -1 +1 @@ -Search.setIndex({"docnames": ["acme_account_facts_module", "acme_account_info_module", "acme_account_module", "acme_certificate_module", "acme_certificate_revoke_module", "acme_challenge_cert_helper_module", "acme_inspect_module", "certificate_complete_chain_module", "crypto_info_module", "docsite/guide_ownca", "docsite/guide_selfsigned", "ecs_certificate_module", "ecs_domain_module", "environment_variables", "get_certificate_module", "gpg_fingerprint_filter", "gpg_fingerprint_lookup", "index", "luks_device_module", "openssh_cert_module", "openssh_keypair_module", "openssl_certificate_info_module", "openssl_certificate_module", "openssl_csr_info_filter", "openssl_csr_info_module", "openssl_csr_module", "openssl_csr_pipe_module", "openssl_dhparam_module", "openssl_pkcs12_module", "openssl_privatekey_convert_module", "openssl_privatekey_info_filter", "openssl_privatekey_info_module", "openssl_privatekey_module", "openssl_privatekey_pipe_module", "openssl_publickey_info_filter", "openssl_publickey_info_module", "openssl_publickey_module", "openssl_signature_info_module", "openssl_signature_module", "split_pem_filter", "x509_certificate_info_filter", "x509_certificate_info_module", "x509_certificate_module", "x509_certificate_pipe_module", "x509_crl_info_filter", "x509_crl_info_module", "x509_crl_module"], "filenames": ["acme_account_facts_module.rst", "acme_account_info_module.rst", "acme_account_module.rst", "acme_certificate_module.rst", "acme_certificate_revoke_module.rst", "acme_challenge_cert_helper_module.rst", "acme_inspect_module.rst", "certificate_complete_chain_module.rst", "crypto_info_module.rst", "docsite/guide_ownca.rst", "docsite/guide_selfsigned.rst", "ecs_certificate_module.rst", "ecs_domain_module.rst", "environment_variables.rst", "get_certificate_module.rst", "gpg_fingerprint_filter.rst", "gpg_fingerprint_lookup.rst", "index.rst", "luks_device_module.rst", "openssh_cert_module.rst", "openssh_keypair_module.rst", "openssl_certificate_info_module.rst", "openssl_certificate_module.rst", "openssl_csr_info_filter.rst", "openssl_csr_info_module.rst", "openssl_csr_module.rst", "openssl_csr_pipe_module.rst", "openssl_dhparam_module.rst", "openssl_pkcs12_module.rst", "openssl_privatekey_convert_module.rst", "openssl_privatekey_info_filter.rst", "openssl_privatekey_info_module.rst", "openssl_privatekey_module.rst", "openssl_privatekey_pipe_module.rst", "openssl_publickey_info_filter.rst", "openssl_publickey_info_module.rst", "openssl_publickey_module.rst", "openssl_signature_info_module.rst", "openssl_signature_module.rst", "split_pem_filter.rst", "x509_certificate_info_filter.rst", "x509_certificate_info_module.rst", "x509_certificate_module.rst", "x509_certificate_pipe_module.rst", "x509_crl_info_filter.rst", "x509_crl_info_module.rst", "x509_crl_module.rst"], "titles": ["community.crypto.acme_account_facts", "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts", "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts", "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol", "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol", "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01", "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server", "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates", "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities", "How to create a small CA", "How to create self-signed certificates", "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API", "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API", "Index of all Collection Environment Variables", "community.crypto.get_certificate module \u2013 Get a certificate from a host:port", "community.crypto.gpg_fingerprint filter \u2013 Retrieve a GPG fingerprint from a GPG public or private key", "community.crypto.gpg_fingerprint lookup \u2013 Retrieve a GPG fingerprint from a GPG public or private key file", "Community.Crypto", "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices", "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.", "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys", "community.crypto.openssl_certificate_info", "community.crypto.openssl_certificate", "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters", "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive", "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys", "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys", "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys", "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys", "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access", "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format", "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys", "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.", "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl", "community.crypto.openssl_signature module \u2013 Sign data with openssl", "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects", "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format", "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates", "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format", "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)", "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)"], "terms": {"thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "plugin": [0, 13, 15, 16, 21, 22, 23, 24, 30, 31, 33, 34, 35, 39, 40, 41, 44, 45], "wa": [0, 1, 3, 4, 6, 9, 11, 14, 18, 20, 21, 22, 23, 24, 25, 26, 28, 31, 32, 33, 36, 37, 40, 41, 42, 44, 45, 46], "part": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "collect": [0, 9, 10, 17, 21, 22], "version": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "2": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "16": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "0": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "modul": [0, 9, 10, 21, 22, 23, 30, 34, 40, 44], "ha": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46], "been": [0, 1, 2, 3, 4, 6, 11, 13, 14, 18, 19, 21, 22, 25, 26, 31, 36, 43, 46], "remov": [0, 1, 2, 3, 4, 6, 18, 21, 22, 28, 36, 42, 46], "The": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "renam": [0, 21, 22, 41, 42, 46], "acme_account_info": [0, 2, 17], "i": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "To": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "instal": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "us": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "ansibl": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "galaxi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "you": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "need": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "further": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "abl": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "detail": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "playbook": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "specifi": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "allow": [1, 2, 3, 4, 6, 11, 12, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "ca": [1, 2, 3, 4, 6, 7, 11, 17, 19, 23, 24, 25, 26, 28, 39, 40, 41, 42, 43, 44, 45, 46], "support": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "protocol": [1, 2, 5, 6, 14, 17, 20, 42], "let": [1, 2, 3, 4, 6, 42], "": [1, 2, 3, 4, 5, 6, 9, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 43, 44, 45, 46], "encrypt": [1, 2, 3, 4, 6, 14, 17, 20, 28, 29, 32, 33, 42], "onli": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "work": [1, 2, 3, 4, 6, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42], "v2": [1, 2, 3, 4, 6, 36], "below": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "ar": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "host": [1, 2, 3, 4, 5, 6, 7, 11, 12, 17, 18, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "execut": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "either": [1, 2, 3, 4, 6, 11, 12, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 37, 38, 41, 42, 43, 45, 46], "openssl": [1, 2, 3, 4, 6, 7, 8, 14, 17, 40], "cryptographi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "1": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "5": [1, 2, 3, 4, 6, 7, 8, 12, 18, 23, 24, 32, 33, 37, 38, 40, 41, 42, 43], "ipaddress": [1, 2, 3, 4, 6], "comment": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "account_key_cont": [1, 2, 3, 4, 6], "string": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "content": [1, 2, 3, 4, 5, 6, 7, 9, 11, 12, 14, 15, 17, 18, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "rsa": [1, 2, 3, 4, 6, 8, 10, 19, 20, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "ellipt": [1, 2, 3, 4, 6, 8, 20, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "curv": [1, 2, 3, 4, 6, 8, 20, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "kei": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 17, 18, 19, 23, 24, 25, 26, 27, 28, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "mutual": [1, 2, 3, 4, 5, 6, 18, 25, 26, 28, 42, 43, 46], "exclus": [1, 2, 3, 4, 5, 6, 18, 25, 26, 28, 42, 43, 46], "account_key_src": [1, 2, 3, 4, 5, 6, 8], "warn": [1, 2, 3, 4, 6, 30, 31, 41, 42], "written": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "temporari": [1, 2, 3, 4, 6], "file": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "which": [1, 2, 3, 4, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "delet": [1, 3, 4, 6, 17], "when": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "complet": [1, 2, 3, 4, 6, 8, 17, 18, 33], "sinc": [1, 2, 3, 4, 6, 9, 18, 25, 26, 28, 31], "an": [1, 2, 3, 4, 5, 11, 12, 14, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 40, 41, 42, 43, 44, 45, 46], "import": [1, 2, 3, 4, 6, 8, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 46], "privat": [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 17, 19, 23, 24, 25, 26, 27, 28, 34, 35, 37, 38, 40, 41, 42, 43, 44, 45, 46], "can": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46], "chang": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "revok": [1, 2, 3, 6, 11, 17, 44, 45, 46], "your": [1, 2, 3, 4, 6, 9, 11, 12, 25, 26, 27, 32, 42, 43], "certif": [1, 2, 6, 17, 27, 28, 30, 32, 33, 36, 37, 38, 39, 44], "without": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 37, 38, 41, 42, 43, 45, 46], "know": [1, 2, 3, 4, 6, 25, 26], "might": [1, 2, 3, 4, 6, 14, 29, 32, 33, 36, 46], "accept": [1, 2, 3, 4, 6, 11, 25, 26], "In": [1, 2, 3, 4, 6, 9, 11, 20, 23, 24, 28, 31, 32, 43], "case": [1, 2, 3, 4, 6, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 27, 28, 29, 31, 32, 33, 36, 40, 41, 42, 46], "It": [1, 2, 3, 4, 6, 7, 11, 20, 24, 29, 31, 32, 35, 41, 42, 43, 46], "still": [1, 2, 3, 4, 6, 11, 19, 24, 31, 41, 42], "happen": [1, 2, 3, 4, 6], "disk": [1, 2, 3, 4, 6, 7, 10, 17, 25, 26, 29, 31, 32, 36, 42, 43], "process": [1, 2, 3, 4, 6, 12, 18, 46], "move": [1, 2, 3, 4, 6, 11, 41, 42, 43], "its": [1, 2, 3, 4, 6, 7, 9, 11, 12, 15, 17, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 35, 42, 43], "argument": [1, 2, 3, 4, 6, 27], "node": [1, 2, 3, 4, 6, 15, 16, 23, 30, 40, 44], "where": [1, 2, 3, 4, 6, 9, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 41, 42, 43, 45, 46], "account_key_passphras": [1, 2, 3, 4, 6], "ad": [1, 2, 3, 4, 5, 6, 7, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 36, 41, 42, 43, 44, 45, 46], "6": [1, 2, 3, 4, 5, 6, 8, 11, 14, 18, 20, 23, 24, 25, 26, 32, 33, 37, 38, 40, 41, 42, 43], "phassphras": [1, 2, 3, 4, 5, 6], "decod": [1, 2, 3, 4, 5, 6, 23, 24, 30, 40, 41, 44, 45, 46], "backend": [1, 2, 3, 4, 6, 14, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "alias": [1, 2, 3, 4, 6, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 43, 46], "account_kei": [1, 2, 3, 4, 6], "path": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "contain": [1, 2, 3, 4, 5, 6, 7, 12, 14, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 46], "creat": [1, 4, 5, 6, 11, 17, 18, 19, 20, 25, 26, 27, 28, 29, 32, 35, 36, 42, 43, 45, 46], "openssl_privatekei": [1, 2, 3, 6, 9, 10, 11, 17, 25, 26, 27, 28, 29, 31, 33, 35, 36, 38, 42, 43], "openssl_privatekey_pip": [1, 2, 3, 6, 17, 25, 26, 29, 31, 32, 36, 42, 43], "If": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "requisit": [1, 2, 3, 6], "avail": [1, 2, 3, 4, 6, 8, 10, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 46], "directli": [1, 2, 3, 6, 10, 41, 42], "command": [1, 2, 3, 6, 18, 19], "line": [1, 2, 3, 6, 18], "tool": [1, 2, 3, 4, 6, 25, 26], "genrsa": [1, 2, 3, 6], "ecparam": [1, 2, 3, 4, 6], "genkei": [1, 2, 3, 4, 6], "ani": [1, 2, 3, 4, 6, 9, 10, 11, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43], "other": [1, 2, 3, 4, 6, 11, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 40, 41, 42, 45, 46], "pem": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 17, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "format": [1, 2, 3, 4, 5, 6, 7, 11, 14, 17, 18, 19, 20, 23, 24, 28, 29, 30, 31, 32, 33, 36, 41, 42, 43, 45, 46], "well": [1, 2, 3, 4, 6, 12, 28, 29, 32, 33, 36, 42], "account_uri": [1, 2, 3, 4, 6], "assum": [1, 2, 3, 4, 6, 7, 9, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "uri": [1, 2, 3, 4, 6, 23, 24, 25, 26, 30, 40, 41, 44, 45, 46], "given": [1, 2, 3, 4, 5, 6, 17, 18, 25, 26, 37], "doe": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "match": [1, 2, 3, 4, 6, 7, 12, 19, 20, 25, 26, 27, 32, 33, 42, 46], "exist": [1, 2, 3, 4, 5, 6, 9, 11, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43, 46], "fail": [1, 2, 3, 4, 6, 11, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 36, 40, 41, 42, 44, 45, 46], "acme_directori": [1, 2, 3, 4, 6, 42], "directori": [1, 2, 3, 4, 6, 7, 42], "entri": [1, 2, 3, 4, 5, 6, 12, 15, 16, 23, 24, 30, 34, 39, 40, 41, 42, 44, 46], "point": [1, 2, 3, 4, 6, 7, 11, 16, 19, 23, 24, 25, 26, 30, 31, 34, 35, 40, 41, 42, 43, 44, 45, 46], "url": [1, 2, 3, 4, 6], "access": [1, 2, 3, 4, 6, 12, 17, 25, 26, 29, 31, 32, 36, 42, 43, 46], "server": [1, 2, 3, 4, 9, 11, 12, 14, 17, 19, 25, 26, 42, 43], "api": [1, 2, 3, 4, 6, 17, 42, 43], "For": [1, 2, 3, 4, 6, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44], "safeti": [1, 2, 3, 4, 6], "reason": [1, 2, 3, 4, 6, 25, 26, 42, 43, 44, 45, 46], "default": [1, 2, 3, 4, 6, 7, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "set": [1, 2, 3, 4, 5, 6, 11, 13, 14, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "stage": [1, 2, 3, 4, 6, 42], "v1": [1, 2, 3, 4, 6], "technic": [1, 2, 3, 4, 6, 11], "correct": [1, 2, 3, 4, 6, 7, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "untrust": [1, 2, 3, 4, 6, 17], "all": [1, 2, 3, 4, 6, 7, 8, 9, 11, 14, 19, 20, 23, 24, 28, 30, 31, 32, 33, 39, 40, 41, 42, 43, 44, 45, 46], "endpoint": [1, 2, 3, 4, 6], "found": [1, 2, 3, 4, 6, 8, 12], "here": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "http": [1, 2, 3, 4, 5, 6, 11, 12, 14, 19, 25, 26, 32, 42, 43], "letsencrypt": [1, 2, 3, 4, 6, 42], "org": [1, 2, 3, 4, 6, 11, 25, 26, 42, 44, 45, 46], "doc": [1, 2, 3, 4, 6, 9, 10, 32, 42], "environ": [1, 2, 3, 4, 5, 6, 42], "buypass": [1, 2, 3, 4, 6, 42], "com": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 17, 19, 23, 24, 25, 26, 28, 29, 31, 32, 35, 36, 40, 41, 42, 43, 44, 45, 46], "t": [1, 2, 3, 4, 6, 9, 19, 20, 24, 25, 27, 28, 29, 31, 32, 35, 36, 41, 42, 46], "63d4ai": [1, 2, 3, 4, 6], "go": [1, 2, 3, 4, 6], "ssl": [1, 2, 4, 5, 6, 7, 12, 14, 17, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 41, 42, 43, 45, 46], "product": [1, 2, 3, 4, 6, 11, 33], "v02": [1, 2, 3, 4, 6, 42], "zerossl": [1, 2, 3, 4, 6], "dv90": [1, 2, 3, 4, 6], "sectigo": [1, 2, 3, 4, 6], "qa": [1, 2, 3, 4, 6], "secur": [1, 2, 3, 4, 6, 11, 14, 28, 42, 43], "trust": [1, 2, 3, 4, 6, 44, 45, 46], "provid": [1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 23, 25, 26, 30, 32, 33, 34, 36, 40, 42, 43, 44, 45], "dv": [1, 2, 3, 4, 6], "list": [1, 2, 3, 4, 6, 7, 8, 11, 12, 14, 15, 16, 17, 19, 23, 24, 25, 26, 28, 30, 34, 39, 40, 41, 44], "servic": [1, 2, 3, 4, 6, 17, 42, 43], "test": [1, 2, 3, 4, 6, 11, 12, 20, 23, 24, 40, 41], "against": [1, 2, 3, 4, 6, 11, 14, 19], "acme_vers": [1, 2, 3, 4, 6], "integ": [1, 2, 3, 4, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 40, 41, 42, 43, 44, 45, 46], "must": [1, 2, 3, 4, 5, 6, 9, 11, 12, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "classic": [1, 2, 3, 4, 6], "standard": [1, 2, 3, 4, 6, 11], "deprec": [1, 2, 3, 4, 6, 14, 20, 41, 42, 46], "from": [1, 2, 3, 4, 6, 7, 9, 10, 11, 12, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 41, 42, 43, 45, 46], "3": [1, 2, 3, 4, 5, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 28, 29, 31, 32, 33, 35, 36, 40, 41, 42, 43, 46], "choic": [1, 2, 3, 4, 5, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "request_timeout": [1, 2, 3, 4, 6], "time": [1, 2, 3, 4, 6, 11, 12, 14, 18, 19, 23, 24, 28, 30, 31, 34, 35, 40, 41, 42, 43, 44, 45, 46], "should": [1, 2, 3, 4, 5, 6, 8, 11, 12, 14, 19, 20, 23, 24, 25, 26, 27, 28, 29, 32, 33, 36, 40, 41, 42, 43, 45, 46], "wait": [1, 2, 3, 4, 6], "respons": [1, 2, 3, 4, 6, 11], "timeout": [1, 2, 3, 4, 6, 14], "appli": [1, 2, 3, 4, 6, 11, 14, 19, 20], "request": [1, 2, 3, 4, 5, 7, 8, 9, 10, 14, 15, 16, 17, 18, 19, 20, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "head": [1, 2, 3, 4, 6], "get": [1, 2, 3, 4, 6, 11, 17, 19, 20, 24, 25, 27, 28, 29, 31, 32, 35, 36, 41, 42, 45, 46], "post": [1, 2, 3, 4, 6, 11], "10": [1, 2, 3, 4, 6, 10, 14, 17, 18, 19, 20, 23, 30, 32, 33, 34, 36, 39, 40, 41, 42, 43, 44], "retrieve_ord": 1, "whether": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 36, 40, 41, 42, 43, 44, 45, 46], "order": [1, 3, 6, 11, 14, 15, 16, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 39, 40, 41, 42, 44, 45, 46], "object": [1, 3, 6, 17, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "A": [1, 2, 5, 7, 8, 11, 14, 16, 24, 25, 26, 31, 35, 37, 39, 41, 42, 43, 45, 46], "ignor": [1, 2, 3, 7, 11, 19, 20, 23, 24, 25, 26, 28, 30, 33, 39, 40, 41, 42, 43, 44, 45, 46], "fetch": 1, "order_uri": [1, 3, 6], "alwai": [1, 2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 19, 20, 28, 31, 32, 33, 41, 42, 43, 46], "popul": 1, "option": [1, 2, 3, 4, 6, 11, 14, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 41, 42, 43, 46], "object_list": 1, "current": [1, 3, 8, 11, 12, 14, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43, 46], "so": [1, 2, 3, 4, 6, 11, 12, 18, 19, 20, 23, 25, 27, 28, 29, 30, 31, 32, 33, 36, 40, 42, 44, 46], "result": [1, 4, 5, 9, 10, 11, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 40, 41, 42, 43, 44, 45, 46], "empti": [1, 3, 8], "url_list": 1, "select_crypto_backend": [1, 2, 3, 4, 6, 14, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "determin": [1, 2, 3, 4, 6, 14, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43], "auto": [1, 2, 3, 4, 6, 14, 20, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "tri": [1, 2, 3, 4, 6, 7, 14, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "fall": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "back": [1, 2, 3, 4, 6, 9, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "try": [1, 2, 3, 4, 6, 7, 8, 14, 18, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "binari": [1, 2, 3, 4, 6, 8, 14, 20, 27], "librari": [1, 2, 3, 4, 6, 8, 14, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "validate_cert": [1, 2, 3, 4, 6], "boolean": [1, 2, 3, 4, 6, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "call": [1, 2, 3, 4, 6, 11, 28, 41, 42, 46], "valid": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 17, 19, 23, 24, 25, 26, 37, 38, 41, 42, 43, 46], "tl": [1, 2, 4, 6, 14, 17, 25, 26, 28, 29, 32, 33, 36, 42, 43], "ever": [1, 2, 3, 4, 6], "fals": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "purpos": [1, 2, 3, 4, 6, 11, 25, 26, 42, 43], "local": [1, 2, 3, 4, 6, 11, 12, 15, 16, 23, 30, 40, 42, 43, 44], "pebbl": [1, 2, 3, 4, 6], "true": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "descript": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "action_group": [1, 2, 3, 4, 6], "action": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 19, 20, 24, 25, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 45, 46], "group": [1, 2, 3, 4, 6, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 46], "module_default": [1, 2, 3, 4, 6], "check_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "full": [1, 2, 3, 7, 8, 11, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "modifi": [1, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "state": [1, 2, 3, 5, 7, 8, 14, 18, 19, 20, 24, 25, 27, 28, 31, 32, 35, 36, 37, 38, 41, 42, 45, 46], "run": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "statu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "predict": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "target": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "diff_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "n": [1, 5, 6, 7, 8, 14, 24, 31, 35, 37, 41, 45], "Will": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "what": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "possibli": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "diff": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "mode": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "acme_account": [1, 3, 17], "acme_account_fact": 1, "befor": [1, 3, 12, 15, 23, 30, 34, 39, 40, 42, 43, 44, 46], "8": [1, 3, 4, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42], "usag": [1, 3, 7, 10, 11, 17, 18, 25, 42, 43, 46], "did": [1, 3, 33], "new": [1, 2, 3, 4, 5, 6, 8, 9, 11, 12, 15, 16, 18, 19, 20, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "enough": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 36, 42], "instead": [1, 2, 3, 4, 6, 10, 18, 19, 25, 26, 32, 33, 46], "explicitli": [1, 2, 3, 4, 6, 29, 31, 32], "disabl": [1, 2, 3, 4, 6, 11, 18, 19, 31], "enabl": [1, 2, 3, 4, 6, 11, 19, 25, 26], "slower": [1, 2, 3, 4, 6], "less": [1, 2, 3, 4, 6, 12, 19], "have": [1, 2, 3, 4, 6, 10, 11, 12, 13, 15, 16, 19, 20, 23, 25, 27, 28, 29, 30, 31, 32, 33, 34, 36, 39, 40, 42, 43, 44, 46], "store": [1, 2, 3, 4, 6, 10, 11, 12, 18, 26, 28, 29, 42, 43], "although": [1, 2, 3, 4, 6], "chosen": [1, 2, 3, 4, 6, 28], "principl": [1, 2, 3, 4, 6], "far": [1, 2, 3, 4, 6], "develop": [1, 2, 3, 4, 6, 42], "we": [1, 2, 3, 4, 5, 6, 9, 28, 32, 33], "got": [1, 2, 3, 4, 6], "feedback": [1, 2, 3, 4, 6], "thei": [1, 2, 3, 4, 6, 12, 14, 18, 20, 27, 32, 33, 41, 45], "incommon": [1, 2, 3, 4, 6], "experi": [1, 2, 3, 4, 6], "problem": [1, 2, 3, 4, 6], "anoth": [1, 2, 3, 4, 6, 7, 9, 10, 11, 18, 23, 24, 30, 32, 40, 41, 43, 44, 45, 46], "pleas": [1, 2, 3, 4, 6, 7, 9, 14, 20, 25, 26, 27, 29, 32, 33, 42, 43], "issu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "help": [1, 2, 3, 4, 6, 11], "u": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 36, 42, 43], "mention": [1, 2, 3, 4, 6, 28], "appreci": [1, 2, 3, 4, 6], "name": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "check": [1, 3, 7, 9, 11, 17, 19, 23, 24, 25, 26, 27, 28, 31, 32, 33, 36, 37, 41, 44, 45, 46], "etc": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 41, 42, 43, 45, 46], "pki": [1, 2, 3, 4, 5, 6, 8, 12], "cert": [1, 2, 3, 4, 5, 6, 8, 11, 14, 19, 23, 24, 25, 26, 28, 30, 37, 38, 40, 41, 44, 46], "regist": [1, 3, 5, 6, 7, 8, 9, 10, 14, 24, 26, 31, 33, 35, 37, 38, 41, 42, 43, 45], "account_data": 1, "verifi": [1, 7, 12, 17, 38, 42], "builtin": [1, 3, 7, 8, 14, 15, 16, 23, 24, 26, 30, 31, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45], "assert": [1, 37, 38, 41, 42], "print": [1, 26, 39, 43, 45], "debug": [1, 2, 3, 4, 6, 8, 11, 14, 15, 16, 23, 24, 26, 30, 31, 33, 34, 35, 39, 40, 41, 43, 44, 45], "var": [1, 3, 6, 8, 14, 24, 26, 31, 35, 41, 43], "contact": [1, 2, 3, 6], "acme_account_kei": 1, "acme_account_uri": 1, "common": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "document": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "follow": [1, 2, 3, 5, 6, 7, 8, 9, 11, 12, 13, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "field": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "uniqu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "dictionari": [1, 2, 3, 5, 6, 8, 11, 14, 18, 23, 24, 25, 26, 30, 31, 32, 33, 34, 35, 36, 40, 41, 44, 45, 46], "element": [1, 2, 3, 7, 8, 11, 12, 14, 16, 19, 23, 24, 25, 26, 28, 30, 31, 34, 35, 39, 40, 41, 44, 45, 46], "challeng": [1, 3, 6, 17, 42], "resourc": [1, 3, 5, 12], "sampl": [1, 3, 4, 5, 6, 8, 11, 12, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 44, 45, 46], "mailto": [1, 2, 6], "me": [1, 2, 6], "tel": 1, "00123456789": 1, "queri": [1, 3, 24, 31, 35, 41], "public_account_kei": 1, "public": [1, 3, 11, 17, 19, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 40, 41, 42, 43], "json": [1, 6, 11, 14, 44, 45], "web": [1, 12], "kty": [1, 6], "ec": [1, 3, 17, 42, 43], "crv": 1, "p": [1, 23, 24, 30, 31, 34, 35, 40, 41], "256": [1, 19, 20], "x": [1, 6, 14, 17, 23, 24, 30, 31, 34, 35, 45], "mkbctnickusdii11yss3526idz8aito7tu6kpaqv7d4": 1, "y": [1, 14, 23, 24, 30, 31, 34, 35, 40, 41], "4etl6srw2yilurn5vfvvhuhp7x8pxltmwwlbbm4ifym": 1, "deactiv": [1, 2, 3, 11], "none": [1, 2, 3, 4, 5, 6, 11, 12, 14, 18, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 36, 38, 40, 41], "success": [1, 3, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "error": [1, 3, 4, 6, 8, 11, 18, 42], "occur": [1, 46], "dure": [1, 2, 3, 11, 19, 28], "about": [1, 2, 11, 12, 14, 19, 25, 26, 30, 31], "structur": 1, "rfc7807": 1, "expir": [1, 3, 6, 10, 11, 12, 14, 40, 41, 42, 43, 46], "timestamp": [1, 19, 25, 27, 28, 29, 32, 36, 41, 42, 43, 45, 46], "describ": [1, 15, 23, 25, 26, 30, 34, 39, 40, 44], "rfc3339": [1, 11], "includ": [1, 3, 7, 9, 11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 40, 41, 42, 44, 45, 46], "pend": [1, 11], "give": [1, 19, 20, 25, 27, 28, 29, 32, 36, 42], "expiri": [1, 11, 42, 43], "date": [1, 6, 7, 11, 14, 40, 41, 42, 43, 44, 45, 46], "final": [1, 3], "identifi": [1, 2, 3, 5, 11, 18, 19, 23, 24, 25, 26, 40, 41, 42, 43], "type": [1, 3, 5, 6, 10, 11, 12, 15, 16, 18, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46], "dn": [1, 3, 5, 9, 10, 12, 23, 24, 25, 26, 30, 40, 41, 42, 44, 45, 46], "ip": [1, 3, 5, 14, 23, 24, 25, 26, 40, 41], "hostnam": [1, 14], "address": [1, 2, 3, 5, 11, 12, 19, 23, 24, 30, 40, 41, 44, 45, 46], "wildcard": [1, 3], "actual": [1, 5, 19, 20, 25, 27, 28, 29, 32, 36, 42], "prefix": [1, 2, 25, 26], "notaft": [1, 40, 41], "notbefor": [1, 40, 41], "readi": [1, 11], "invalid": [1, 11, 39, 44, 45, 46], "felix": [1, 2, 4, 5, 6, 7, 8, 15, 16, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 43, 44, 45, 46], "fontein": [1, 2, 4, 5, 6, 7, 8, 15, 16, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 43, 44, 45, 46], "felixfontein": [1, 2, 4, 5, 6, 7, 8, 15, 16, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 43, 44, 45, 46], "tracker": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "repositori": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "sourc": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "submit": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "bug": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "report": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "featur": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "allow_cr": 2, "creation": [2, 3, 6, 18], "present": [2, 3, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 32, 36, 40, 41, 42, 46], "email": [2, 3, 11, 12, 23, 24, 25, 26, 30, 40, 41, 42, 43, 44, 45, 46], "ietf": [2, 3, 6, 25, 26], "html": [2, 3, 6, 25, 26, 32], "rfc8555": [2, 3, 6], "section": [2, 3, 4, 6, 25, 26], "7": [2, 3, 6, 14, 19, 20, 23, 24, 28, 35, 40, 41, 44, 45], "absent": [2, 18, 19, 20, 25, 27, 28, 32, 36, 42, 46], "changed_kei": 2, "external_account_bind": 2, "extern": [2, 3], "bind": [2, 3], "data": [2, 3, 5, 11, 12, 17, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 40, 41, 42, 43, 46], "like": [2, 3, 10, 42, 43], "specif": [2, 3, 4, 5, 6, 10, 11, 12, 18, 25, 26, 28, 41, 42, 43], "properli": [2, 6], "custom": [2, 11, 20], "alg": 2, "mac": [2, 28], "algorithm": [2, 14, 18, 19, 20, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 43, 44, 45, 46], "probabl": 2, "hs256": 2, "hs384": 2, "hs512": 2, "base64": [2, 3, 14, 23, 24, 28, 32, 33, 37, 38, 40, 41, 45, 46], "encod": [2, 3, 6, 11, 14, 23, 24, 28, 30, 32, 33, 37, 38, 40, 41, 44, 45, 46], "pad": 2, "symbol": [2, 7, 19, 20, 25, 27, 28, 29, 32, 36, 42], "end": [2, 3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "omit": [2, 9, 18, 19, 20], "kid": 2, "new_account_key_cont": 2, "same": [2, 3, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "restrict": [2, 3, 19, 25, 26], "new_account_key_src": 2, "new_account_key_passphras": 2, "inform": [2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 17, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43], "touch": 2, "terms_agre": [2, 3], "indic": [2, 3, 11, 14, 25, 26, 31, 33], "agre": [2, 3], "term": [2, 3, 6], "acme_certif": [2, 5, 6, 7, 17], "do": [2, 3, 6, 9, 10, 11, 12, 18, 19, 20, 25, 27, 28, 29, 31, 32, 33, 36, 42], "basic": [2, 3, 23, 24, 25, 26, 30, 31, 34, 35, 40, 41], "manag": [2, 3, 4, 5, 6, 11, 17, 36], "both": [2, 3, 11, 20, 24, 25, 26, 31, 35, 36, 37, 38, 41, 43, 45, 46], "recommend": [2, 11, 12, 42, 43], "modify_account": [2, 3], "automat": [2, 3, 4, 5, 6, 18, 32, 33, 42], "rfc": [2, 3, 4, 5, 6, 25, 26], "8555": [2, 3, 4, 5, 6], "retriev": [2, 3, 6, 14, 17, 25, 26, 42, 43], "fact": 2, "write": [2, 3, 6, 7, 9, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 43, 46], "acme_inspect": [2, 3, 4, 17], "make": [2, 3, 6, 11, 14, 18, 20, 30, 31, 32, 33, 37, 38, 41, 46], "sure": [2, 3, 18, 20, 30, 31, 32, 33, 37, 38, 46], "TOS": 2, "myself": [2, 3], "one": [2, 3, 4, 7, 9, 11, 12, 14, 16, 19, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "variabl": [2, 3, 9, 15, 16, 23, 24, 30, 31, 34, 39, 40, 44], "new_account_kei": 2, "renew": [3, 11], "implement": [3, 33, 42, 43], "01": [3, 6, 11, 17, 19, 32, 33, 36], "alpn": [3, 6, 17], "twice": 3, "two": [3, 25, 26], "differ": [3, 4, 10, 12, 14, 19, 20, 25, 27, 32, 36, 42, 46], "task": [3, 11, 19, 20, 32, 33, 41], "output": [3, 6, 8, 11, 19, 28, 32, 33], "first": [3, 5, 6, 10, 11, 12, 18, 28, 41], "record": [3, 11, 12], "pass": [3, 9, 11], "second": [3, 12, 14, 18, 41, 42, 43, 46], "between": [3, 18, 20], "fulfil": 3, "step": [3, 11, 28], "whatev": 3, "mean": [3, 11, 37], "necessari": [3, 19], "destin": [3, 11, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42], "webserv": 3, "serv": [3, 42], "perform": [3, 11, 12, 18, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 46], "how": [3, 5, 12, 14, 17, 23, 24, 25, 26, 30, 32, 40, 41, 42, 44, 45, 46], "read": [3, 9, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 37, 38, 42, 43, 46], "through": 3, "main": 3, "consid": [3, 19, 20, 25, 26, 27, 28, 32, 42], "experiment": 3, "accord": [3, 25, 26], "8738": 3, "account_email": 3, "associ": [3, 7, 11, 12], "account": [3, 4, 5, 6, 8, 11, 17], "more": [3, 7, 11, 14, 19, 25, 26, 28, 42, 43, 46], "than": [3, 4, 11, 12, 19, 20, 23, 24, 25, 26, 28, 30, 40, 41, 42, 43, 44, 45, 46], "updat": [3, 6, 12, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "most": [3, 18], "agreement": [3, 11, 23, 24, 40, 41], "latest": [3, 32, 46], "gather": 3, "chain_dest": 3, "chain": [3, 11, 14, 17, 42], "intermedi": [3, 7, 11, 28, 33, 42], "some": [3, 4, 14, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 37, 38, 42, 44, 45], "assur": 3, "could": [3, 11, 25, 27, 31, 32, 42, 43], "foo": [3, 18, 19], "certain": [3, 19, 41], "period": [3, 42, 43], "csr": [3, 5, 6, 7, 9, 10, 11, 17, 27, 28, 30, 32, 33, 36, 41, 42, 43], "src": [3, 9, 28, 43], "openssl_csr": [3, 10, 11, 17, 24, 26, 27, 28, 32, 33, 36, 42, 43], "req": 3, "mai": [3, 11, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 43], "multipl": [3, 9, 10, 11, 17, 23, 24, 25, 26, 28, 30, 31, 34, 35, 40, 41], "subject": [3, 7, 10, 11, 14, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 32, 36, 40, 41, 42, 43, 44, 46], "altern": [3, 10, 11, 25, 26, 42, 43], "each": [3, 9, 11, 15, 16, 23, 30, 32, 33, 34, 36, 39, 40, 44], "lead": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "individu": [3, 19], "sign": [3, 5, 8, 11, 14, 17, 19, 27, 28, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "bad": 3, "idea": 3, "view": 3, "precis": 3, "csr_content": [3, 9, 10, 42, 43], "openssl_csr_pip": [3, 9, 10, 17, 24, 25, 32, 33, 36, 42, 43], "ongo": 3, "previou": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "non": [3, 8, 11, 19], "activ": [3, 6, 11, 12], "taken": 3, "mark": [3, 25, 26], "no_log": [3, 32, 33], "up": [3, 5, 11, 15, 16, 18, 19, 20, 23, 25, 27, 28, 29, 30, 32, 34, 36, 39, 40, 41, 42, 44], "longer": [3, 18, 25, 26], "wai": [3, 5, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "caus": [3, 14, 19, 20], "messag": 3, "come": 3, "unus": 3, "anywai": 3, "deactivate_authz": 3, "authent": [3, 6, 11, 12, 19, 25, 26, 42, 43], "authz": [3, 6], "after": [3, 18, 42, 43], "bound": 3, "remain": [3, 11, 12, 18, 19], "amount": 3, "re": [3, 12, 14, 20, 23, 24, 25, 26, 27, 28, 32, 33, 36, 40, 41, 42, 43, 46], "domain": [3, 5, 11, 17, 23, 24, 30, 40, 41, 44, 45, 46], "concern": [3, 25, 27, 32, 42], "dest": [3, 5, 7, 9, 26, 43], "fullchain_dest": [3, 6], "forc": [3, 11, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 43, 46], "enforc": 3, "even": [3, 4, 11, 18, 19, 20, 27, 28, 32, 36, 42, 43], "remaining_dai": [3, 11], "especi": [3, 32], "addit": [3, 11, 18, 25, 26], "desir": [3, 18], "fullchain": [3, 6, 7], "want": [3, 9, 10, 11, 12, 18, 20, 25, 26, 30, 31, 46], "avoid": [3, 11, 12, 19, 20, 25, 27, 28, 29, 31, 32, 36, 41, 42, 43, 46], "accident": [3, 30, 31, 32, 33], "old": [3, 11, 25, 26, 41, 42, 46], "number": [3, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 43, 44, 45, 46], "dai": [3, 11, 12, 14, 41, 42, 43], "left": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "being": [3, 11, 19, 32, 33, 41, 42, 43], "cert_dai": [3, 11], "challenge_data": [3, 5], "retrieve_all_altern": 3, "offer": [3, 9, 10], "These": [3, 17, 23, 25, 26, 30, 40, 44], "togeth": [3, 18, 28], "all_chain": 3, "select_chain": 3, "criteria": 3, "select": [3, 5, 10, 20, 28, 32, 33], "until": [3, 7, 11, 14], "criterium": 3, "header": [3, 5, 6], "determinist": 3, "everi": [3, 11, 12, 16, 20, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 40, 41, 42, 43, 46], "consist": [3, 19, 20, 25, 27, 28, 29, 31, 32, 36, 42], "condit": [3, 14, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "issuer": [3, 7, 14, 23, 24, 25, 26, 40, 41, 42, 44, 45, 46], "authority_key_identifi": [3, 23, 24, 25, 26, 40, 41], "authoritykeyidentifi": [3, 23, 24, 25, 26, 40, 41], "extens": [3, 5, 6, 14, 20, 23, 24, 25, 26, 40, 41, 44, 45, 46], "base": [3, 11, 18, 19, 32, 33], "form": [3, 7, 11, 40, 41], "c4": 3, "a7": 3, "b1": [3, 32, 33, 36], "a4": 3, "7b": 3, "2c": [3, 32, 33, 36], "71": [3, 32, 33, 36], "fa": 3, "db": 3, "e1": [3, 32, 33, 36], "4b": 3, "90": [3, 11, 12, 42, 43], "75": [3, 32, 33, 36], "ff": [3, 23, 24, 25, 26, 30, 31, 34, 35, 40, 41], "15": [3, 6, 11, 15, 16, 28, 42, 43], "60": [3, 11, 12, 32, 33, 36], "85": [3, 32, 33, 36], "89": 3, "would": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "commonnam": [3, 23, 24, 25, 26, 40, 41, 42, 44, 45, 46], "my": [3, 32, 45, 46], "prefer": [3, 23, 24, 30, 40, 41, 44, 45, 46], "root": [3, 11, 14, 17, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "cn": [3, 9, 11, 14, 25, 26, 46], "subject_key_identifi": [3, 23, 24, 25, 26, 40, 41], "subjectkeyidentifi": [3, 23, 24, 40, 41], "a8": 3, "4a": [3, 23, 24, 30, 31, 34, 35, 40, 41], "6a": [3, 32, 33, 36], "63": [3, 11, 23, 24, 30, 31, 34, 35, 40, 41], "04": [3, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "7d": [3, 46], "dd": [3, 19, 23, 24, 25, 26, 32, 33, 36, 40, 41], "ba": [3, 23, 24, 30, 31, 34, 35, 40, 41], "e6": [3, 23, 24, 30, 31, 34, 35, 40, 41], "d1": 3, "39": [3, 32, 33, 36], "b7": 3, "a6": [3, 32, 33, 36], "45": 3, "65": 3, "ef": [3, 32, 33, 36], "f3": 3, "a1": [3, 32, 33, 36], "test_certif": 3, "exclud": [3, 19, 23, 24, 25, 26], "leaf": [3, 7], "ident": [3, 19], "last": [3, 18, 23, 24, 40, 41, 44, 45, 46], "furthest": 3, "awai": 3, "Its": 3, "safe_file_oper": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "strict": [3, 6, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "oper": [3, 11, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "function": [3, 11, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "ensur": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "proper": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "permiss": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "corrupt": [3, 11, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 46], "At": [3, 19], "least": [3, 11, 25, 26, 37, 38], "control": [3, 6, 12, 14, 15, 16, 23, 30, 33, 40, 44, 45], "over": 3, "rate": [3, 4], "limit": [3, 4, 18, 19], "8737": [3, 5, 6], "acme_challenge_cert_help": [3, 17], "prepar": [3, 17], "certificate_complete_chain": [3, 17], "find": [3, 7, 12], "acme_certificate_revok": [3, 17], "account_private_kei": 3, "httpd": [3, 4, 5, 6], "crt": [3, 4, 5, 6, 11, 12, 41, 42, 43, 46], "sample_com_challeng": [3, 5], "hashi": 3, "vault": [3, 18, 33], "lookup": [3, 7, 15, 23, 26, 30, 33, 34, 39, 40, 43, 44], "hashi_vault": 3, "secret": [3, 32], "copi": [3, 7, 9, 11, 12, 26, 42, 43], "www": [3, 7, 9, 10, 11, 14, 19, 23, 24, 25, 26, 40, 41, 42, 43], "resource_valu": 3, "item": [3, 5, 25, 39], "loop": [3, 5, 19, 20, 25, 27, 28, 29, 32, 36, 39, 42], "dict2item": 3, "v01": 3, "30": [3, 11, 32, 33, 36], "aw": 3, "route53": 3, "zone": 3, "txt": [3, 12, 19], "ttl": 3, "enclos": 3, "quot": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42], "regex_replac": [3, 25], "map": [3, 11, 25, 41], "challenge_data_dn": 3, "dst": 3, "x3": 3, "cross": 3, "identrust": 3, "As": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42], "long": [3, 12, 14], "switch": 3, "own": [3, 9, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 43, 46], "isrg": 3, "x1": 3, "compat": [3, 11, 14, 19, 28], "older": [3, 18, 28, 29, 32, 33, 36, 42], "client": [3, 11, 12, 14, 19, 25, 26, 42, 43, 44, 45, 46], "o": [3, 11, 14, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42], "digit": 3, "signatur": [3, 7, 17, 19, 23, 24, 25, 26, 38, 40, 41, 42, 44, 45, 46], "co": 3, "4": [3, 4, 8, 14, 18, 23, 24, 25, 26, 28, 36, 37, 38, 40, 41, 42], "itself": [3, 46], "concaten": [3, 7], "full_chain": 3, "token": [3, 19], "a5b1c3d2e9f8g7h6": 3, "12345": [3, 6, 23, 24, 40, 41], "2022": [3, 28], "08": [3, 11, 32, 33, 36], "01t01": 3, "02": [3, 11], "34z": 3, "04t01": 3, "03": [3, 11, 25, 27, 28, 29, 32, 36, 42, 46], "45z": 3, "per": [3, 28], "yet": [3, 6], "_acm": 3, "known": [3, 11, 12, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 44, 45, 46], "evagxfads6psrb2lav9izf17dt3juxgj": 3, "pct92wr": 3, "oa": 3, "resource_origin": 3, "origin": [3, 11, 14, 23, 24, 25, 27, 28, 29, 32, 36, 40, 41, 42, 46], "produc": 3, "blob": 3, "put": 3, "acmevalid": 3, "x509": 3, "editor": 3, "rfc8737": 3, "b64decod": [3, 9, 43], "jinja": 3, "filter": [3, 16, 24, 31, 35, 41, 45], "extract": [3, 14, 23, 24, 30, 40, 41, 46], "ilirfxkkxa": 3, "17dt3juxgj": 3, "finalization_uri": 3, "michael": 3, "gruener": 3, "mgruener": 3, "exactli": [4, 14, 20, 23, 24, 29, 40, 41], "private_key_src": [4, 5], "private_key_cont": [4, 5, 25, 26, 28, 36], "valu": 4, "private_key_passphras": [4, 5, 29], "revoke_reason": 4, "One": [4, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "revoc": [4, 11, 17, 25, 26, 44], "reasoncod": 4, "defin": [4, 10, 11, 12, 13, 18, 25, 26, 32, 33, 42, 43, 46], "rfc5280": [4, 25, 26], "possibl": [4, 11, 14, 23, 24, 40, 41], "unspecifi": [4, 19, 20, 25, 27, 28, 29, 32, 36, 42, 44, 45, 46], "keycompromis": 4, "cacompromis": 4, "affiliationchang": 4, "supersed": [4, 25, 26, 44, 45, 46], "cessationofoper": 4, "certificatehold": 4, "removefromcrl": 4, "9": [4, 14, 17, 20, 32, 33, 41, 42], "privilegewithdrawn": 4, "aacompromis": 4, "return": 4, "alreadi": [4, 11, 12, 18, 19, 20, 25, 26, 27, 28, 32, 36, 42, 43, 45, 46], "unchang": [4, 18], "depend": [4, 8, 11, 14, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "raw": [5, 6, 14, 29, 32, 33], "convert": [5, 17, 20, 23, 24, 30, 32, 33, 40, 41, 44, 45, 46], "simpl": [5, 9, 10], "gener": [5, 7, 11, 17, 18, 23, 24, 29, 31, 35, 37, 38, 40, 41, 45], "dictsort": 5, "sample_com_challenge_cert": 5, "regular_certif": 5, "deliv": 5, "regular": [5, 6], "connect": [5, 6, 14], "except": [5, 6, 14, 20, 23, 24, 25, 26, 28, 32, 33, 40, 41, 46], "challenge_certif": 5, "achiev": 5, "veri": [5, 10, 45], "nginx": [5, 6], "search": 5, "ssl_preread": 5, "ssl_preread_alpn_protocol": 5, "rout": 5, "private_kei": [5, 19, 33], "identifier_typ": 5, "self": [5, 9, 17, 25, 26, 41, 42, 43], "place": [5, 23, 24, 30, 31, 34, 35, 40, 41], "attempt": [6, 20], "encount": 6, "wish": 6, "investig": 6, "sent": [6, 12], "method": [6, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "otherwis": [6, 11, 14, 18, 19, 20, 23, 24, 25, 27, 28, 29, 32, 36, 40, 41, 42, 44, 45, 46], "fail_on_acme_error": 6, "id": [6, 11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "localhost": [6, 14, 25, 43], "m": [6, 14, 19, 25, 26, 41, 42, 43, 46], "acct": 6, "newaccount": 6, "termsofserviceagre": 6, "account_cr": 6, "locat": [6, 11, 12, 42, 45, 46], "account_info": 6, "to_json": 6, "certificate_request": 6, "someth": [6, 28, 41], "went": 6, "wrong": 6, "output_json": 6, "selectattr": 6, "equalto": 6, "http01challeng": 6, "manual": [6, 12], "a85k3x9f91a4": 6, "random": [6, 12], "33417": 6, "keychang": 6, "meta": 6, "caaident": 6, "termsofservic": 6, "le": 6, "sa": 6, "novemb": 6, "2017": 6, "pdf": 6, "websit": 6, "newnonc": 6, "nonc": 6, "neword": 6, "revokecert": 6, "lowercas": 6, "boulder": 6, "cach": 6, "max": 6, "ag": 6, "close": [6, 18], "length": [6, 20, 42], "904": 6, "applic": [6, 11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "cooki": 6, "cookies_str": 6, "wed": 6, "07": [6, 23, 24, 30, 31, 34, 35, 40, 41], "nov": 6, "2018": [6, 11], "12": [6, 14, 17, 25, 26, 27, 32, 33, 36, 42, 43], "34": [6, 23, 24, 30, 31, 34, 35, 40, 41], "56": [6, 32, 33, 36], "gmt": [6, 42, 43], "44": [6, 23, 24, 25, 26, 40, 41], "rel": [6, 19, 25, 26, 41, 42, 43, 46], "msg": [6, 14, 15, 16, 23, 30, 33, 34, 39, 40, 44, 45], "ok": 6, "byte": [6, 18, 23, 24, 25, 26, 40, 41], "pragma": 6, "replai": 6, "1234567890abcdefghijklmnopqrstuvwxyzabcdefgh": 6, "200": 6, "transport": [6, 31], "604800": 6, "46161": 6, "frame": 6, "deni": 6, "pars": [6, 7, 14, 19, 20, 23, 24, 25, 27, 28, 29, 31, 32, 36, 40, 41, 42], "output_text": 6, "text": [6, 11, 12], "see": [7, 9, 14, 18, 19, 20, 46], "note": [7, 9, 18, 19, 23, 24, 27, 28, 29, 30, 31, 32, 33, 40, 44], "input_chain": 7, "intermediate_certif": 7, "filenam": [7, 11, 16, 19, 20, 25, 27, 28, 32, 36, 42, 46], "subdirectori": 7, "scan": 7, "root_certif": 7, "www_ansible_com": 7, "completechain": 7, "join": [7, 14, 23, 30, 40], "complete_chain": 7, "rootchain": 7, "input": [7, 12, 28], "python": [8, 14, 23, 24, 27, 28, 30, 31, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "crypto_inform": 8, "show": [8, 9, 10, 15, 16, 23, 30, 33, 34, 40, 42, 44], "openssl_pres": 8, "usr": [8, 19, 20, 25, 27, 28, 29, 32, 36, 42], "bin": [8, 19, 20, 25, 27, 28, 29, 32, 36, 42], "1m": 8, "version_output": 8, "14": [8, 32, 33, 36], "dec": 8, "2021": 8, "python_cryptography_cap": 8, "python_cryptography_instal": 8, "theoret": 8, "higher": [8, 11, 15, 16, 23, 30, 34, 39, 40, 44], "libssl": 8, "has_dsa": 8, "dsa": [8, 10, 20, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "has_dsa_sign": 8, "has_ec": 8, "has_ec_sign": 8, "has_ed25519": 8, "ed25519": [8, 20, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "has_ed25519_sign": 8, "has_ed448": 8, "ed448": [8, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "has_ed448_sign": 8, "has_rsa": 8, "has_rsa_sign": 8, "has_x25519": 8, "x25519": [8, 10, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "has_x25519_seri": 8, "serial": [8, 11, 14, 19, 23, 24, 25, 26, 40, 41, 44, 45, 46], "has_x448": 8, "x448": [8, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "python_cryptography_import_error": 8, "commun": [9, 10], "crypto": [9, 10], "guid": [9, 10], "exampl": [9, 10], "password": [9, 10, 11, 12, 18, 20, 25, 26, 28, 38, 42, 43, 46], "protect": [9, 10, 18, 20, 25, 26, 32, 33, 36, 38, 42, 43, 46], "secret_ca_passphras": 9, "instruct": [9, 12], "ask": 9, "pai": 9, "commerci": [9, 25, 26], "passphras": [9, 10, 18, 20, 25, 26, 28, 29, 30, 31, 32, 33, 36, 38, 42, 43, 46], "privatekey_path": [9, 10, 24, 25, 26, 28, 35, 36, 37, 38, 41, 42, 43, 46], "privatekey_passphras": [9, 10, 25, 26, 28, 36, 38, 42, 43, 46], "common_nam": [9, 10, 24, 25, 26], "use_common_name_for_san": [9, 25, 26], "san": [9, 10, 11, 25, 26], "don": 9, "basic_constraint": [9, 23, 24, 25, 26, 40, 41], "basic_constraints_crit": [9, 23, 24, 25, 26, 40, 41], "key_usag": [9, 23, 24, 25, 26, 40, 41, 42], "keycertsign": 9, "key_usage_crit": [9, 23, 24, 25, 26, 40, 41], "ca_csr": 9, "x509_certif": [9, 10, 12, 17, 22, 25, 26, 27, 28, 32, 33, 36, 37, 41, 43], "selfsign": [9, 10, 41, 42, 43], "x509_certificate_pip": [9, 17, 25, 26, 32, 33, 36, 41, 42], "server_1": 9, "while": [9, 11, 12, 32, 33, 42, 43], "our": [9, 43], "server_2": 9, "materi": [9, 31, 33], "leav": [9, 31], "respect": [9, 18, 23, 25, 26, 30, 34, 40], "delegate_to": [9, 14, 43], "run_onc": [9, 14], "subject_alt_nam": [9, 10, 11, 23, 24, 25, 26, 30, 40, 41, 42], "ownca": [9, 42, 43], "ownca_path": [9, 42, 43], "ownca_privatekey_path": [9, 42, 43], "ownca_privatekey_passphras": [9, 42, 43], "ownca_not_aft": [9, 42, 43], "365d": [9, 42, 43], "year": [9, 10, 11, 42, 43], "ownca_not_befor": [9, 42, 43], "1d": [9, 32, 33, 36, 41], "yesterdai": 9, "abov": 9, "procedur": 9, "idempot": [9, 18, 19, 28, 33, 42, 43, 46], "extend": [9, 11], "stat": 9, "certificate_exist": 9, "slurp": [9, 43], "els": [9, 28], "kind": 10, "start": [10, 23, 24, 30, 31, 34, 35, 40, 41, 42, 43], "paramet": [10, 15, 16, 17, 34, 39], "4096": [10, 20, 27, 31, 32, 33, 35], "bit": [10, 20, 23, 24, 27, 30, 31, 32, 33, 34, 35, 40, 41], "size": [10, 12, 18, 20, 23, 24, 27, 30, 31, 32, 33, 34, 35, 40, 41], "changem": 10, "proce": 10, "selfsigned_not_aft": [10, 42, 43], "roughli": 10, "selfsigned_not_befor": [10, 42, 43], "now": [10, 11, 19, 42, 43, 46], "properti": 10, "constraint": [10, 25, 26], "organization_nam": [10, 25, 26], "inc": [10, 11], "reissu": 11, "credenti": [11, 12, 42, 43], "organ": [11, 44], "system": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "those": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "pyyaml": [11, 12], "11": [11, 12, 14, 19, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 46], "additional_email": 11, "receiv": [11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42], "deliveri": 11, "notic": 11, "notif": 11, "backup": [11, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "made": [11, 12, 19], "cert_expiri": 11, "compliant": 11, "2020": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "23": 11, "23t15": 11, "00": [11, 19, 23, 24, 25, 26, 32, 33, 36, 40, 41, 42, 43], "05z": 11, "request_typ": 11, "issuanc": [11, 42, 43], "subsequ": 11, "initi": [11, 14], "month": [11, 42, 43], "choos": 11, "adjust": [11, 20, 42, 43], "eastern": 11, "est": [11, 42, 43], "unintend": 11, "effect": 11, "pool": 11, "inventori": 11, "model": 11, "cert_lifetim": 11, "lifetim": [11, 42, 43], "cert_typ": 11, "cds_individu": 11, "cds_group": 11, "cds_ent_lit": [11, 42, 43], "cds_ent_pro": [11, 42, 43], "smime_": [11, 42, 43], "p1y": 11, "p2y": 11, "p3y": 11, "standard_ssl": [11, 42, 43], "advantage_ssl": [11, 42, 43], "uc_ssl": [11, 42, 43], "ev_ssl": [11, 42, 43], "wildcard_ssl": [11, 42, 43], "private_ssl": [11, 42, 43], "pd_ssl": [11, 42, 43], "code_sign": 11, "ev_code_sign": 11, "client_id": [11, 12], "under": [11, 12], "primari": [11, 12], "cannot": [11, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "distinguish": 11, "repres": 11, "64": 11, "around": [11, 31], "overrid": [11, 15, 16, 23, 30, 34, 39, 40, 44], "eku": 11, "ou": [11, 14, 25, 26], "organiz": 11, "unit": 11, "replac": [11, 33, 46], "ti": 11, "ct_log": 11, "complianc": 11, "browser": 11, "transpar": 11, "ct": 11, "log": [11, 19, 30, 31, 32, 33], "best": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "practic": 11, "techniqu": 11, "owner": [11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "monitor": 11, "elig": [11, 12], "custom_field": 11, "date1": 11, "date2": 11, "date3": 11, "date4": 11, "date5": 11, "dropdown1": 11, "dropdown": 11, "dropdown2": 11, "dropdown3": 11, "dropdown4": 11, "dropdown5": 11, "email1": 11, "email2": 11, "email3": 11, "email4": 11, "email5": 11, "number1": 11, "float": [11, 18], "number2": 11, "number3": 11, "number4": 11, "number5": 11, "text1": 11, "maximum": [11, 23, 24, 30, 31, 34, 35, 40, 41, 42, 43], "500": 11, "charact": 11, "text10": 11, "text11": 11, "text12": 11, "text13": 11, "text14": 11, "text15": 11, "text2": 11, "text3": 11, "text4": 11, "text5": 11, "text6": 11, "text7": 11, "text8": 11, "text9": 11, "server_auth": 11, "client_auth": 11, "server_and_client_auth": 11, "end_user_key_storage_agr": 11, "user": [11, 17, 18, 20, 25, 27, 28, 29, 32, 36, 42, 46], "code": 11, "cryptograph": [11, 17], "hardwar": 11, "csp": 11, "subscript": 11, "acknowledg": 11, "entrust_api_client_cert_key_path": [11, 12, 42, 43], "entrust_api_client_cert_path": [11, 12, 42, 43], "entrust_api_kei": [11, 12, 42, 43], "entrust_api_specification_path": [11, 12, 42, 43], "configur": [11, 12, 13, 15, 16, 18, 19, 20, 23, 25, 27, 28, 29, 30, 32, 33, 34, 36, 39, 40, 42, 43, 44, 46], "keep": [11, 12, 32, 42, 43], "download": [11, 12, 42, 43], "cloud": [11, 12, 42, 43], "net": [11, 12, 42, 43], "entrustcloud": [11, 12, 42, 43], "cm": [11, 12, 42, 43], "yaml": [11, 12, 42, 43], "entrust_api_us": [11, 12, 42, 43], "usernam": [11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 43, 46], "regardless": 11, "within": [11, 12], "past": [11, 40, 41], "full_chain_path": 11, "unless": [11, 12, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "behavior": [11, 20, 28, 32, 33, 42], "neither": 11, "nor": 11, "reus": 11, "unapprov": 11, "failur": [11, 14], "reserv": 11, "futur": 11, "calcul": 11, "tracking_id": 11, "obtain": [11, 12], "act": [11, 19], "upon": [11, 23, 24, 30, 31, 34, 35, 40, 41], "exmapl": 11, "refer": 11, "validate_onli": 11, "cautiou": 11, "along": 11, "requester_email": 11, "track": [11, 42, 43], "requester_nam": 11, "requester_phon": 11, "phone": [11, 42, 43], "arrai": 11, "subjectaltnam": [11, 25, 26], "understand": [11, 18], "tld": 11, "save": [11, 27], "referenc": 11, "tracking_info": 11, "free": 11, "attach": [11, 25, 26], "partial": 11, "bare": 11, "minimum": [11, 20, 42, 43], "jo": [11, 42], "jdoe": [11, 25, 42], "555": [11, 42], "5555": [11, 42], "apiusernam": [11, 12, 42], "lv": [11, 12, 42], "32": [11, 12, 19, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42], "cd9lnt": [11, 12, 42], "20": [11, 25], "79": [11, 32, 33, 36], "migrat": 11, "2378915": 11, "rather": 11, "overridden": [11, 27, 28], "testcertif": 11, "administr": [11, 12], "via": [11, 42], "itsupport": 11, "jsmith": 11, "admin": [11, 12], "invoic": 11, "25": [11, 32, 33, 36], "342": 11, "sale": 11, "red": 11, "backup_fil": [11, 25, 27, 28, 29, 32, 36, 42, 46], "2019": [11, 19, 25, 27, 28, 29, 32, 36, 42, 43, 46], "09": [11, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "22": [11, 23, 24, 25, 26, 27, 28, 29, 32, 33, 36, 40, 41, 42, 46], "backup_full_chain_fil": 11, "253": 11, "cert_detail": 11, "guarante": 11, "forward": [11, 19], "releas": [11, 19], "take": [11, 15, 16, 19, 20, 23, 24, 25, 27, 30, 31, 32, 34, 35, 36, 40, 41, 42, 44, 45, 46], "howev": [11, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "audit": 11, "cert_statu": 11, "expand": 11, "approv": [11, 12], "declin": [11, 12], "na": 11, "pending_quorum": 11, "suspend": 11, "serial_numb": [11, 14, 19, 40, 41, 44, 45, 46], "1235262234164342": 11, "380079": 11, "chri": [11, 12], "trufan": [11, 12], "ctrufan": [11, 12], "verification_method": 12, "domain_statu": 12, "dns_content": 12, "dns_locat": 12, "dns_resource_typ": 12, "web_serv": 12, "file_cont": 12, "file_loc": 12, "e": [12, 25, 26], "were": [12, 14], "pure": 12, "domain_nam": 12, "reverifi": 12, "verification_email": 12, "ownership": [12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "whoi": 12, "construct": 12, "webmast": 12, "hostmast": 12, "postmast": 12, "subdomain": 12, "top": 12, "level": [12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "example1": 12, "example2": 12, "preconstruct": 12, "namespac": 12, "exact": [12, 46], "verif": 12, "prove": 12, "There": [12, 18], "small": [12, 17], "delai": 12, "typic": 12, "Be": 12, "awar": 12, "mani": [12, 14, 46], "ecs_certif": [12, 17], "revalid": 12, "fewer": [12, 42, 43], "ev": 12, "belong": [12, 25, 26], "expect": [12, 32, 33, 41, 42, 43, 46], "ab23cd41432522ff2526920393982fab": 12, "_pki": 12, "cancel": 12, "initial_verif": 12, "re_verif": 12, "ev_days_remain": 12, "submiss": 12, "never": [12, 14, 19, 20, 32, 33, 42, 43, 46], "greater": [12, 19], "ov_days_remain": 12, "ev_elig": 12, "94": [12, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "ov_elig": 12, "abcd": 12, "ov": 12, "129": 12, "declar": 13, "core": [13, 17], "No": 13, "sni": 14, "proxy_host": 14, "asn1_base64": 14, "asn": [14, 23, 24, 40, 41, 42, 43, 44, 45, 46], "claim": 14, "ca_cert": [14, 43], "cipher": [14, 18, 32, 33], "libressl": 14, "fine": 14, "proxi": 14, "proxy_port": 14, "8080": 14, "server_nam": 14, "starttl": 14, "mysql": 14, "succe": 14, "rdp": 14, "3389": 14, "googl": 14, "443": 14, "expire_dai": 14, "not_aft": [14, 40, 41, 42], "to_datetim": 14, "d": [14, 19, 41, 42, 43, 46], "h": [14, 19, 41, 42, 43, 46], "sz": 14, "ansible_date_tim": 14, "iso8601": 14, "dt": 14, "asn1_data": 14, "surviv": 14, "also": [14, 19, 20, 46], "displai": [14, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "github": [14, 17], "80258": 14, "usual": [14, 19, 23, 24, 40, 41], "malform": [14, 23, 24, 40, 41], "critic": [14, 23, 24, 25, 26, 40, 41, 44, 45, 46], "not_befor": [14, 40, 41, 42], "signature_algorithm": [14, 19, 40, 41, 42], "john": 14, "westcott": 14, "iv": 14, "gnupg": [15, 16], "public_kei": [15, 16, 19, 20, 23, 24, 30, 31, 40, 41, 42], "low": [15, 16, 23, 30, 34, 39, 40, 44], "high": [15, 16, 23, 30, 34, 39, 40, 44], "prioriti": [15, 16, 23, 30, 34, 39, 40, 44], "lower": [15, 16, 23, 30, 34, 39, 40, 44], "author": 17, "newer": [17, 19, 32, 33, 37, 38], "matrix": 17, "room": 17, "im": 17, "question": 17, "irc": 17, "channel": [17, 31], "libera": 17, "network": 17, "mail": 17, "project": 17, "subscrib": 17, "acm": [17, 42], "requir": [17, 34, 39], "send": [17, 28, 44, 45], "direct": 17, "crypto_info": 17, "capabl": 17, "entrust": [17, 42, 43], "ecs_domain": 17, "get_certif": 17, "port": [17, 19], "luks_devic": 17, "luk": 17, "devic": 17, "openssh_cert": 17, "openssh": [17, 36], "openssh_keypair": [17, 36], "openssl_csr_info": [17, 25, 26, 42], "openssl_dhparam": [17, 25, 26, 28, 32, 33, 36, 42, 43], "diffi": [17, 25, 26, 28, 32, 33, 36, 42, 43], "hellman": [17, 25, 26, 28, 32, 33, 36, 42, 43], "openssl_pkcs12": [17, 25, 26, 27, 32, 33, 36, 42, 43], "pkc": [17, 19, 25, 26, 27, 32, 33, 36, 42, 43], "archiv": [17, 25, 26, 27, 32, 33, 36, 42, 43], "openssl_privatekey_convert": 17, "openssl_privatekey_info": [17, 32, 33, 35, 42], "openssl_publickei": [17, 25, 26, 27, 28, 29, 32, 33, 35, 42, 43], "openssl_publickey_info": 17, "openssl_signatur": [17, 37], "openssl_signature_info": [17, 38], "x509_certificate_info": [17, 21, 42], "509": [17, 45], "x509_crl": [17, 45], "crl": [17, 25, 26], "x509_crl_info": 17, "gpg_fingerprint": 17, "gpg": 17, "fingerprint": [17, 20, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "split_pem": 17, "split": 17, "destroi": 18, "open": 18, "cryptsetup": 18, "wipef": 18, "lsblk": 18, "blkid": 18, "label": [18, 23, 24, 30, 40, 41, 44, 45, 46], "uuid": 18, "pre": [18, 28], "kernel": 18, "ae": [18, 32, 33, 36], "plain": 18, "spec": 18, "essiv": 18, "cbc": 18, "sha256": [18, 20, 23, 24, 25, 26, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 43, 46], "dev": 18, "sda1": 18, "force_remove_last_kei": 18, "bewar": 18, "hash": [18, 23, 24, 30, 31, 34, 35, 40, 41], "setup": 18, "scheme": 18, "volum": 18, "digest": [18, 25, 26, 42, 43, 44, 45, 46], "keyfil": 18, "unlock": 18, "plaintext": 18, "danger": 18, "keysiz": [18, 32], "luks2": 18, "later": 18, "luks1": 18, "new_keyfil": 18, "add": [18, 19], "keyslot": 18, "new_passphras": 18, "pbkdf": 18, "deriv": 18, "argon2i": 18, "argon2id": 18, "pbkdf2": 18, "iteration_count": 18, "iter": 18, "count": 18, "iteration_tim": 18, "millisecond": 18, "memori": 18, "cost": 18, "kilobyt": 18, "argon": 18, "parallel": 18, "thread": 18, "perf_no_read_workqueu": 18, "bypass": 18, "dm": 18, "crypt": 18, "intern": 18, "workqueu": 18, "synchron": 18, "perf_no_write_workqueu": 18, "perf_same_cpu_crypt": 18, "cpu": 18, "io": 18, "unbound": 18, "balanc": 18, "perf_submit_from_crypt_cpu": 18, "offload": 18, "separ": [18, 19, 23, 24, 25, 26, 40, 41], "situat": [18, 20, 32, 33], "block": [18, 33], "singl": 18, "degrad": 18, "significantli": 18, "persist": 18, "metadata": 18, "them": [18, 19, 20, 25, 27, 28, 29, 32, 36, 42], "next": [18, 31], "remove_keyfil": 18, "filesystem": [18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "remove_passphras": 18, "sector_s": 18, "sector": 18, "lock": 18, "suffic": 18, "explicit": 18, "With": 18, "loop0": 18, "mycrypt": 18, "keyfile2": 18, "personallabelnam": 18, "03ecd578": 18, "fad4": 18, "4e6c": 18, "9348": 18, "842e3e8fa340": 18, "suppli": 18, "c1da9a58": 18, "2fde": 18, "4256": 18, "9d9f": 18, "6ab008b4dd1b": 18, "jan": 18, "pokorni": 18, "japokorn": 18, "regener": [19, 20, 25, 26, 27, 28, 32, 33, 36, 42, 43, 46], "ssh": [19, 20], "keygen": [19, 20], "attr": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "flag": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "look": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "man": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "page": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "chattr": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "lsattr": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "equival": [19, 20, 32], "fed": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "chown": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "preserv": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "ignore_timestamp": [19, 42, 43, 46], "valid_from": 19, "valid_to": 19, "meet": 19, "chmod": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rememb": [19, 20, 25, 27, 28, 29, 32, 36, 42], "octal": [19, 20, 25, 27, 28, 29, 32, 36, 42], "correctli": [19, 20, 25, 27, 28, 29, 32, 36, 42], "644": [19, 20, 25, 27, 28, 29, 32, 36, 42], "1777": [19, 20, 25, 27, 28, 29, 32, 36, 42], "convers": [19, 20, 25, 27, 28, 29, 32, 36, 42], "zero": [19, 20, 25, 27, 28, 29, 32, 36, 42], "0755": [19, 20, 25, 27, 28, 29, 32, 36, 42], "sometim": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "circumst": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rule": [19, 20, 25, 27, 28, 29, 32, 36, 42], "decim": [19, 20, 25, 27, 28, 29, 32, 36, 42], "unexpect": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rwx": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rw": [19, 20, 25, 27, 28, 29, 32, 36, 42], "g": [19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42], "r": [19, 20, 24, 25, 27, 28, 29, 31, 32, 35, 36, 41, 42], "umask": [19, 20, 25, 27, 28, 29, 32, 36, 42], "newli": [19, 20, 25, 27, 28, 29, 32, 36, 42], "cve": [19, 20, 25, 27, 28, 29, 32, 36, 42], "1736": [19, 20, 25, 27, 28, 29, 32, 36, 42], "clear": 19, "shell": 19, "agent": 19, "permit": [19, 23, 24, 25, 26], "pty": 19, "alloc": 19, "rc": 19, "sshd": 19, "x11": 19, "address_list": 19, "comma": 19, "netmask": 19, "pair": [19, 25, 26, 46], "cidr": 19, "numer": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "confus": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "pkcs11_provid": 19, "resid": 19, "share": 19, "libpkcs11": 19, "signing_kei": 19, "princip": 19, "By": [19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "unread": 19, "partial_idempot": [19, 20, 32, 33], "valid_at": [19, 41, 42], "full_idempot": [19, 20, 32, 33], "compar": 19, "selevel": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "selinux": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "context": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "ml": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "mc": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "rang": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "_default": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "portion": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "polici": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "keyrevocationlist": 19, "again": [19, 44, 45], "serol": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "role": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "setyp": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "seuser": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "sha": 19, "refus": 19, "sha2": 19, "512": 19, "correspond": [19, 20, 32, 33], "sshd_config": 19, "casignaturealgorithm": 19, "keyword": [19, 33, 41, 42], "prior": 19, "unsafe_writ": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "influenc": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "atom": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "prevent": [19, 20, 25, 27, 28, 29, 31, 32, 36, 42, 46], "inconsist": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "just": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "broken": [19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "docker": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "mount": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "insid": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "unsaf": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "manner": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "doesn": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "race": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "use_ag": 19, "interpret": [19, 41, 42, 43, 46], "utc": [19, 41, 42, 43, 45, 46], "mainli": 19, "timespec": [19, 41, 42, 43, 46], "NOT": [19, 33, 42, 43, 46], "absolut": [19, 24, 31, 35, 41, 42, 43, 45, 46], "yyyi": 19, "mm": 19, "ddthh": 19, "ss": 19, "hh": 19, "w": [19, 24, 31, 35, 41, 42, 43, 46], "32w1d2h": [19, 41, 42, 43, 46], "1970": 19, "01t00": 19, "earlier": [19, 42, 43], "express": 19, "comparison": 19, "forev": 19, "pub": [19, 20, 35], "week": [19, 41], "32w": 19, "2w": 19, "examplehost": 19, "21": 19, "2001": 19, "tmp": [19, 20, 37, 38], "bla": 19, "ca_public_kei": 19, "info": [19, 23, 24, 40, 41], "l": [19, 25, 26], "f": 19, "david": [19, 20], "kainz": [19, 20], "lolcub": [19, 20], "rsa1": 20, "ecdsa": [20, 37, 38], "opensshbin": 20, "decrypt": [20, 28], "private_key_format": 20, "pkcs1": [20, 29, 32, 33], "keypair": 20, "pkcs8": [20, 29, 32, 33], "conform": [20, 32, 33], "unknown": [20, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "therefor": 20, "1024": 20, "2048": [20, 27, 28, 32, 33], "suffici": 20, "fip": 20, "186": 20, "three": [20, 41, 42, 43, 46], "384": 20, "521": 20, "fix": 20, "id_ssh_rsa": 20, "super_secret_password": 20, "id_ssh_dsa": 20, "r4yczxihvjedh2olfjvgi6y5xaytdcwk8vxkyzvyyfm": 20, "aaaab3nza": 20, "vel4e3xcw": 20, "name_encod": [23, 24, 30, 40, 41, 44, 45, 46], "idna": [23, 24, 30, 40, 41, 44, 45, 46], "key1": [23, 30, 40, 44], "value1": [23, 30, 40, 44], "key2": [23, 30, 40, 44], "value2": [23, 30, 40, 44], "idna2008": [23, 24, 30, 40, 41, 44, 45, 46], "idna2003": [23, 24, 30, 40, 41, 44, 45, 46], "unicod": [23, 24, 30, 40, 41, 44, 45, 46], "alt": [23, 30, 40], "authority_cert_issu": [23, 24, 25, 26, 40, 41], "idn": [23, 24, 40, 41, 44, 45, 46], "handl": [23, 24, 40, 41, 44, 45, 46], "authority_cert_serial_numb": [23, 24, 25, 26, 40, 41], "hexadecim": [23, 24, 40, 41], "33": [23, 24, 25, 26, 30, 31, 32, 33, 34, 35, 36, 40, 41], "55": [23, 24, 25, 26, 40, 41], "66": [23, 24, 25, 26, 32, 33, 36, 40, 41], "77": [23, 24, 25, 26, 32, 33, 36, 40, 41], "88": [23, 24, 25, 26, 32, 33, 36, 40, 41], "99": [23, 24, 25, 26, 32, 33, 36, 40, 41], "aa": [23, 24, 25, 26, 30, 31, 34, 35, 40, 41], "bb": [23, 24, 25, 26, 40, 41], "cc": [23, 24, 25, 26, 32, 33, 36, 40, 41], "ee": [23, 24, 25, 26, 32, 33, 36, 40, 41], "pathlen": [23, 24, 40, 41], "extended_key_usag": [23, 24, 25, 26, 40, 41, 42], "biometr": [23, 24, 40, 41], "dvc": [23, 24, 40, 41, 42], "stamp": [23, 24, 40, 41], "extended_key_usage_crit": [23, 24, 25, 26, 40, 41], "extensions_by_oid": [23, 24, 40, 41, 42], "oid": [23, 24, 40, 41], "24": [23, 24, 32, 33, 36, 40, 41], "mamcaqu": [23, 24, 40, 41], "der": [23, 24, 40, 41, 44, 45, 46], "encipher": [23, 24, 25, 26, 40, 41, 42], "name_constraints_crit": [23, 24, 25, 26], "name_constraint": [23, 24], "name_constraints_exclud": [23, 24, 25, 26], "subtre": [23, 24, 25, 26], "name_constraints_permit": [23, 24, 25, 26], "somedomain": [23, 24, 25, 26], "ocsp_must_stapl": [23, 24, 25, 26, 40, 41], "ocsp": [23, 24, 25, 26, 40, 41], "stapl": [23, 24, 25, 26, 40, 41], "ocsp_must_staple_crit": [23, 24, 25, 26, 40, 41], "begin": [23, 24, 30, 31, 40, 41], "miicijanbgkqhkig9w0baqefaaocag8a": [23, 30, 40], "public_key_data": [23, 24, 40, 41], "ecc": [23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "_valu": [23, 30, 34, 40], "public_key_typ": [23, 24, 40, 41], "expon": [23, 24, 30, 31, 34, 35, 40, 41], "exponent_s": [23, 24, 30, 31, 34, 35, 40, 41], "subgroup": [23, 24, 30, 31, 34, 35, 40, 41], "span": [23, 24, 30, 31, 34, 35, 40, 41], "prime": [23, 24, 30, 31, 34, 35, 40, 41], "modulu": [23, 24, 30, 31, 34, 35, 40, 41], "arithmet": [23, 24, 30, 31, 34, 35, 40, 41], "q": [23, 24, 30, 31, 34, 35, 40, 41], "divid": [23, 24, 30, 31, 34, 35, 40, 41], "coordin": [23, 24, 30, 31, 34, 35, 40, 41], "publicli": [23, 24, 30, 31, 34, 35, 40, 41], "whose": [23, 24, 30, 31, 34, 35, 40, 41, 43], "discret": [23, 24, 30, 31, 34, 35, 40, 41], "logarithm": [23, 24, 30, 31, 34, 35, 40, 41], "public_key_fingerprint": [23, 24, 30, 31, 40, 41], "comput": [23, 24, 30, 31, 34, 35, 40, 41], "d4": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "b3": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "6d": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "c8": [23, 24, 30, 31, 34, 35, 40, 41], "ce": [23, 24, 30, 31, 34, 35, 40, 41], "4e": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f6": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "29": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "4d": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "92": [23, 24, 30, 31, 34, 35, 40, 41], "a3": [23, 24, 30, 31, 34, 35, 40, 41], "b0": [23, 24, 30, 31, 34, 35, 40, 41], "c2": [23, 24, 30, 31, 34, 35, 40, 41], "bd": [23, 24, 30, 31, 34, 35, 40, 41], "bf": [23, 24, 30, 31, 34, 35, 40, 41], "43": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "0f": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "51": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "95": [23, 24, 30, 31, 34, 35, 40, 41], "2f": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "sha512": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f7": [23, 24, 30, 31, 34, 35, 40, 41], "f0": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "8b": [23, 24, 30, 31, 34, 35, 40, 41], "5f": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f9": [23, 24, 30, 31, 34, 35, 40, 41], "61": [23, 24, 30, 31, 34, 35, 40, 41], "0a": [23, 24, 30, 31, 34, 35, 40, 41], "68": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f1": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "signature_valid": [23, 24], "repeat": [23, 24, 28, 40, 41, 44, 45, 46], "emailaddress": [23, 24, 25, 26, 40, 41], "subject_alt_name_crit": [23, 24, 25, 26, 40, 41], "subject_ord": [23, 24, 25, 26, 40, 41, 42], "tupl": [23, 24, 25, 26, 40, 41, 44, 45, 46], "interact": [24, 31, 35, 41, 42, 43], "remot": [24, 31, 35, 41, 42, 43, 45, 46], "load": [24, 29, 31, 35, 41], "variant": [24, 31, 35, 41, 45], "dump": [24, 28, 31, 35, 41], "nmiicijanbgkqhkig9w0baqefaaocag8a": [24, 31, 41], "yani": [24, 25, 26, 31, 32, 33, 36, 41, 42, 43], "guenan": [24, 25, 26, 31, 32, 33, 36, 41, 42, 43], "spredzi": [24, 25, 26, 31, 32, 33, 36, 41, 42, 43], "seem": [25, 26, 42], "overwrit": [25, 27, 32, 42], "keyusag": [25, 26], "extendedkeyusag": [25, 26], "basicconstraint": [25, 26], "That": [25, 26], "rid": [25, 26], "dirnam": [25, 26], "othernam": [25, 26], "ones": [25, 26, 27], "mostli": [25, 26], "hex": [25, 26], "colon": [25, 26], "overwrot": [25, 27, 28, 29, 32, 36, 42, 46], "accid": [25, 27, 28, 29, 32, 36, 42, 46], "basicconstraints_crit": [25, 26], "country_nam": [25, 26], "c": [25, 26], "countrynam": [25, 26], "create_subject_key_identifi": [25, 26], "crl_distribution_point": [25, 26], "distribut": [25, 26], "crl_issuer": [25, 26], "full_nam": [25, 26], "relative_nam": [25, 26], "key_compromis": [25, 26, 44, 45, 46], "ca_compromis": [25, 26, 44, 45, 46], "affiliation_chang": [25, 26, 44, 45, 46], "cessation_of_oper": [25, 26, 44, 45, 46], "certificate_hold": [25, 26, 44, 45, 46], "privilege_withdrawn": [25, 26, 44, 45, 46], "aa_compromis": [25, 26, 44, 45, 46], "email_address": [25, 26], "extkeyusag": [25, 26], "extkeyusage_crit": [25, 26], "extendedkeyusage_crit": [25, 26], "keyusage_crit": [25, 26], "locality_nam": [25, 26], "localitynam": [25, 26], "ocspmuststapl": [25, 26], "rfc7633": [25, 26], "ocspmuststaple_crit": [25, 26], "reject": [25, 26], "organizationnam": [25, 26, 40, 41, 44, 45, 46], "organizational_unit_nam": [25, 26], "organizationalunitnam": [25, 26], "privatekey_cont": [25, 26, 28, 36, 38, 42, 43, 46], "return_cont": [25, 27, 28, 32, 36, 42, 46], "state_or_province_nam": [25, 26], "st": [25, 26], "stateorprovincenam": [25, 26], "compon": [25, 26, 46], "subjectaltname_crit": [25, 26], "row": [25, 26, 46], "usecommonnameforsan": [25, 26], "fill": [25, 26], "2986": [25, 26], "unsupport": [25, 26], "inlin": [25, 26, 36, 43], "fr": 25, "dynam": 25, "with_dict": 25, "dns_server": 25, "special": 25, "digitalsignatur": [25, 26], "keyagr": [25, 26], "clientauth": [25, 26], "winrm": 25, "auth": 25, "311": 25, "utf8": 25, "pathlenconstraint": [25, 26], "privatekei": [25, 26, 28, 29, 32, 33, 36, 46], "dh": 27, "param": 27, "detect": [27, 28], "Or": 27, "dhparam": 27, "thom": 27, "wigger": 27, "thomwigg": 27, "pyopenssl": 28, "iter_s": 28, "maciter_s": 28, "export": [28, 29, 32, 33], "certificate_path": [28, 37, 38], "encryption_level": 28, "compatibility2022": 28, "softwar": 28, "38": [28, 32, 33, 36], "friendly_nam": 28, "friendli": 28, "50000": 28, "other_certif": 28, "ca_certif": 28, "other_certificates_parse_al": 28, "pkcs12": 28, "mechan": 28, "safe": 28, "addition": 28, "backward": 28, "opt": 28, "p12": 28, "raclett": 28, "ca_bundl": 28, "bundl": [28, 39], "0600": [28, 29, 32], "regen": 28, "guillaum": 28, "delpierr": 28, "gdelpierr": 28, "dest_passphras": 29, "dest_path": 29, "src_content": 29, "src_path": 29, "src_passphras": 29, "return_private_key_data": [30, 31], "private_data": [30, 31], "public_data": [30, 31, 34, 35], "fake": 31, "key_is_consist": 31, "check_consist": 31, "potenti": 31, "side": 31, "attack": 31, "machin": [31, 42, 43], "can_load_kei": 31, "can_parse_kei": 31, "eddsa": [32, 33], "particular": 32, "maxim": [32, 33], "interoper": [32, 33], "secp384r1": [32, 33], "secp256r1": [32, 33], "iana": [32, 33], "registri": [32, 33], "secp224r1": [32, 33], "secp256k1": [32, 33], "secp521r1": [32, 33], "discourag": [32, 33], "secp192r1": [32, 33], "brainpoolp256r1": [32, 33], "brainpoolp384r1": [32, 33], "brainpoolp512r1": [32, 33], "sect163k1": [32, 33], "sect163r2": [32, 33], "sect233k1": [32, 33], "sect233r1": [32, 33], "sect283k1": [32, 33], "sect283r1": [32, 33], "sect409k1": [32, 33], "sect409r1": [32, 33], "sect571k1": [32, 33], "sect571r1": [32, 33], "tradit": [32, 33], "auto_ignor": [32, 33], "mismatch": [32, 33], "format_mismatch": [32, 33], "everyth": [32, 33, 46], "treat": [32, 41, 46], "appropri": 32, "care": 32, "shown": 32, "reference_appendic": 32, "faq": 32, "minim": [32, 33], "hashlib": [32, 33, 36], "md5": [32, 33, 36], "84": [32, 33, 36], "72": [32, 33, 36], "8d": [32, 33, 36], "b5": [32, 33, 36], "6c": [32, 33, 36], "37": [32, 33, 36], "83": [32, 33, 36], "f5": [32, 33, 36], "4c": [32, 33, 36], "sha1": [32, 33, 36], "7c": [32, 33, 36], "5d": [32, 33, 36], "eb": [32, 33, 36], "41": [32, 33, 36], "7e": [32, 33, 36], "1a": [32, 33, 36], "c7": [32, 33, 36], "f8": [32, 33, 36], "sha224": [32, 33, 36], "19": [32, 33, 36], "ac": [32, 33, 36], "ed": [32, 33, 36], "18": [32, 33, 36, 42, 43], "50": [32, 33, 36], "d3": [32, 33, 36], "06": [32, 33, 36, 42, 43], "5c": [32, 33, 36], "b2": [32, 33, 36], "91": [32, 33, 36], "52": [32, 33, 36], "8c": [32, 33, 36], "cb": [32, 33, 36], "d5": [32, 33, 36], "e9": [32, 33, 36], "9b": [32, 33, 36], "46": [32, 33, 36], "ab": [32, 33, 36], "70": [32, 33, 36], "cf": [32, 33, 36], "76": [32, 33, 36], "4f": [32, 33, 36], "57": [32, 33, 36], "6e": [32, 33, 36], "97": [32, 33, 36], "df": [32, 33, 36], "de": [32, 33, 36], "sha384": [32, 33, 36], "d9": [32, 33, 36], "40": [32, 33, 36], "59": [32, 33, 36], "c3": [32, 33, 36], "a2": [32, 33, 36], "e4": [32, 33, 36], "0b": [32, 33, 36], "1c": [32, 33, 36], "0c": [32, 33, 36], "9e": [32, 33, 36], "af": [32, 33, 36], "da": [32, 33, 36], "2e": [32, 33, 36], "c0": [32, 33, 36], "9a": [32, 33, 36], "3a": [32, 33, 36], "3d": [32, 33, 36], "fd": [32, 33, 36], "5e": [32, 33, 36], "48": [32, 33, 36], "9f": [32, 33, 36], "fe": [32, 33, 36], "7f": [32, 33, 36], "3f": [32, 33, 36], "cd": [32, 33, 36], "a5": [32, 33, 36], "e7": [32, 33, 36], "13": [32, 33, 36, 46], "82": [32, 33, 36], "87": [32, 33, 36], "1f": [32, 33, 36], "28": [32, 33, 36], "53": [32, 33, 36], "86": [32, 33, 36], "69": [32, 33, 36], "35": [32, 33, 36], "1e": [32, 33, 36], "consol": 33, "relat": 33, "content_base64": 33, "return_current_kei": 33, "value_specified_in_no_log_paramet": 33, "async": 33, "reveal": 33, "TO": 33, "OR": 33, "IN": 33, "mozilla": 33, "sop": 33, "sops_encrypt": 33, "content_text": 33, "overwritten": 33, "set_fact": 33, "publickei": 36, "certificate_cont": [37, 43], "example_fil": [37, 38], "sig": [37, 38], "patrick": [37, 38], "pichler": [37, 38], "aveexi": [37, 38], "marku": [37, 38, 41, 42, 43], "teufelberg": [37, 38, 41, 42, 43], "markusteufelberg": [37, 38, 41, 42, 43], "word": [40, 41, 45], "whole": [40, 41], "issuer_ord": [40, 41, 44, 45, 46], "issuer_uri": [40, 41], "20190413202428z": [40, 41, 42, 44, 45, 46], "20190331202428z": [40, 41, 42, 46], "ocsp_uri": [40, 41], "respond": [40, 41], "1234": [40, 41, 44, 45, 46], "sha256withrsaencrypt": [40, 41, 42, 44, 45, 46], "openssl_certificate_info": 41, "short": [41, 42], "redirect": [41, 42], "fqcn": [41, 42], "dict": 41, "pattern": [41, 42, 43, 45, 46], "yyyymmddhhmmssz": [41, 42, 43, 45, 46], "csr_path": [41, 42, 43], "tomorrow": 41, "point_1": 41, "point_2": 41, "3w": 41, "notion": [42, 43], "openssl_certif": 42, "intend": [42, 43], "tini": 42, "acme_accountkey_path": 42, "accountkei": 42, "acme_chain": 42, "acme_challenge_path": 42, "3chost": 42, "3e": 42, "80": 42, "job": 42, "entrust_cert_typ": [42, 43], "entrust_not_aft": [42, 43], "stop": [42, 43], "365": [42, 43], "cover": [42, 43], "entrust_requester_email": [42, 43], "entrust_requester_nam": [42, 43], "entrust_requester_phon": [42, 43], "better": [42, 43], "ownca_cont": [42, 43], "ownca_create_authority_key_identifi": [42, 43], "ownca_create_subject_key_identifi": [42, 43], "ski": [42, 43], "create_if_not_provid": [42, 43], "always_cr": [42, 43], "never_cr": [42, 43], "ownca_digest": [42, 43], "On": [42, 43], "maco": [42, 43], "onward": [42, 43], "825": [42, 43], "appl": [42, 43], "en": [42, 43], "ht210176": [42, 43], "3650d": [42, 43], "ownca_privatekey_cont": [42, 43], "resp": [42, 43], "ownca_vers": [42, 43], "nowadai": [42, 43], "almost": [42, 43], "emul": 42, "selfsigned_create_subject_key_identifi": [42, 43], "selfsigned_digest": [42, 43], "selfsigned_notaft": [42, 43], "selfsigned_notbefor": [42, 43], "selfsigned_vers": [42, 43], "minut": [42, 43, 46], "mandatori": [42, 43, 46], "dedic": [42, 43], "onc": [42, 43, 46], "ansible_ca": 42, "assertonli": 42, "invalid_at": 42, "valid_in": 42, "one_day_ten_hour": 42, "1d10h": 42, "fixed_timestamp": 42, "20200331202428z": 42, "ten_second": 42, "result_csr": 42, "result_privatekei": 42, "sha512withrsaencrypt": 42, "subject_strict": 42, "issuer_strict": 42, "has_expir": 42, "key_usage_strict": 42, "extended_key_usage_strict": 42, "subject_alt_name_strict": 42, "ownca_cert": 43, "ownca_privatekei": 43, "hunter2": 43, "the_csr": 43, "list_revoked_certif": [44, 45], "larg": [44, 45], "enumer": [44, 45], "last_upd": [44, 45, 46], "next_upd": [44, 45, 46], "revoked_certif": [44, 45, 46], "invalidity_d": [44, 45, 46], "suspect": [44, 45, 46], "compromis": [44, 45, 46], "becam": [44, 45, 46], "invalidity_date_crit": [44, 45, 46], "issuer_crit": [44, 45, 46], "remove_from_crl": [44, 45, 46], "reason_crit": [44, 45, 46], "revocation_d": [44, 45, 46], "crl_mode": 46, "interest": 46, "collis": 46, "combin": 46, "2345": 46, "20191013152910z": 46, "20191001000000z": 46, "20191010010203z": 46}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"commun": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "crypto": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "acme_account_fact": 0, "acme_account_info": 1, "modul": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "retriev": [1, 8, 15, 16, 23, 30, 34, 40, 44, 45], "inform": [1, 23, 24, 30, 31, 34, 35, 40, 41, 44, 45], "acm": [1, 2, 3, 4, 5, 6], "account": [1, 2], "synopsi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "requir": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "paramet": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "attribut": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "note": [1, 2, 3, 4, 6, 11, 12, 14, 20, 25, 26, 37, 38, 41, 42, 43, 45, 46], "see": [1, 2, 3, 4, 5, 6, 11, 12, 15, 16, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45], "also": [1, 2, 3, 4, 5, 6, 11, 12, 15, 16, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45], "exampl": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "return": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "valu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "author": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "collect": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "link": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "acme_account": 2, "creat": [2, 3, 9, 10], "modifi": 2, "delet": 2, "acme_certif": 3, "ssl": [3, 11], "tl": [3, 5, 11], "certif": [3, 4, 5, 7, 9, 10, 11, 12, 14, 19, 23, 24, 25, 26, 40, 41, 42, 43, 45, 46], "protocol": [3, 4], "acme_certificate_revok": 4, "revok": 4, "acme_challenge_cert_help": 5, "prepar": 5, "challeng": 5, "alpn": 5, "01": 5, "acme_inspect": 6, "send": 6, "direct": 6, "request": [6, 11, 12, 23, 24, 25, 26], "an": [6, 36], "server": 6, "certificate_complete_chain": 7, "complet": 7, "chain": 7, "given": 7, "set": [7, 9], "untrust": 7, "root": 7, "crypto_info": 8, "cryptograph": 8, "capabl": 8, "how": [9, 10], "small": 9, "ca": 9, "up": 9, "us": 9, "sign": [9, 10, 23, 24, 25, 26, 38], "self": 10, "ecs_certif": 11, "entrust": [11, 12], "servic": [11, 12], "ec": [11, 12], "api": [11, 12], "ecs_domain": 12, "valid": 12, "domain": 12, "index": [13, 17], "all": 13, "environ": 13, "variabl": 13, "get_certif": 14, "get": 14, "from": [14, 15, 16, 23, 30, 34, 36, 40, 44], "host": [14, 19], "port": 14, "gpg_fingerprint": [15, 16], "filter": [15, 17, 23, 30, 34, 39, 40, 44], "gpg": [15, 16], "fingerprint": [15, 16], "public": [15, 16, 20, 34, 35, 36], "privat": [15, 16, 20, 29, 30, 31, 32, 33, 36], "kei": [15, 16, 20, 29, 30, 31, 32, 33, 34, 35, 36], "input": [15, 23, 30, 34, 39, 40, 44], "lookup": [16, 17], "file": [16, 39], "term": 16, "descript": 17, "scenario": 17, "guid": 17, "plugin": 17, "luks_devic": 18, "manag": 18, "encrypt": 18, "luk": 18, "devic": 18, "openssh_cert": 19, "gener": [19, 20, 25, 26, 27, 28, 32, 33, 36, 42, 43, 46], "openssh": [19, 20], "user": 19, "openssh_keypair": 20, "openssl_certificate_info": 21, "openssl_certif": 22, "openssl_csr_info": [23, 24], "openssl": [23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 41, 42, 43], "csr": [23, 24, 25, 26], "keyword": [23, 30, 40, 44], "provid": [24, 31, 35, 41], "openssl_csr": 25, "openssl_csr_pip": 26, "openssl_dhparam": 27, "diffi": 27, "hellman": 27, "openssl_pkcs12": 28, "pkc": 28, "12": 28, "archiv": 28, "openssl_privatekey_convert": 29, "convert": 29, "openssl_privatekey_info": [30, 31], "openssl_privatekei": 32, "openssl_privatekey_pip": 33, "without": 33, "disk": 33, "access": 33, "openssl_publickey_info": [34, 35], "pem": [34, 39, 40, 44], "format": [34, 40, 44], "openssl_publickei": 36, "its": 36, "openssl_signature_info": 37, "verifi": 37, "signatur": 37, "openssl_signatur": 38, "data": 38, "split_pem": 39, "split": 39, "content": 39, "multipl": 39, "object": 39, "x509_certificate_info": [40, 41], "x": [40, 41, 44], "509": [40, 41, 44], "x509_certif": 42, "check": [42, 43], "x509_certificate_pip": 43, "x509_crl_info": [44, 45], "crl": [44, 45, 46], "revoc": [45, 46], "list": [45, 46], "x509_crl": 46}, "envversion": {"sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx": 60}, "alltitles": {"community.crypto.acme_account_facts": [[0, "community-crypto-acme-account-facts"]], "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts": [[1, "community-crypto-acme-account-info-module-retrieves-information-on-acme-accounts"]], "Synopsis": [[1, "synopsis"], [2, "synopsis"], [3, "synopsis"], [4, "synopsis"], [5, "synopsis"], [6, "synopsis"], [7, "synopsis"], [8, "synopsis"], [11, "synopsis"], [12, "synopsis"], [14, "synopsis"], [15, "synopsis"], [16, "synopsis"], [18, "synopsis"], [19, "synopsis"], [20, "synopsis"], [23, "synopsis"], [24, "synopsis"], [25, "synopsis"], [26, "synopsis"], [27, "synopsis"], [28, "synopsis"], [29, "synopsis"], [30, "synopsis"], [31, "synopsis"], [32, "synopsis"], [33, "synopsis"], [34, "synopsis"], [35, "synopsis"], [36, "synopsis"], [37, "synopsis"], [38, "synopsis"], [39, "synopsis"], [40, "synopsis"], [41, "synopsis"], [42, "synopsis"], [43, "synopsis"], [44, "synopsis"], [45, "synopsis"], [46, "synopsis"]], "Requirements": [[1, "requirements"], [2, "requirements"], [3, "requirements"], [4, "requirements"], [5, "requirements"], [6, "requirements"], [7, "requirements"], [11, "requirements"], [12, "requirements"], [14, "requirements"], [15, "requirements"], [16, "requirements"], [18, "requirements"], [19, "requirements"], [20, "requirements"], [23, "requirements"], [24, "requirements"], [25, "requirements"], [26, "requirements"], [27, "requirements"], [28, "requirements"], [29, "requirements"], [30, "requirements"], [31, "requirements"], [32, "requirements"], [33, "requirements"], [35, "requirements"], [36, "requirements"], [37, "requirements"], [38, "requirements"], [40, "requirements"], [41, "requirements"], [42, "requirements"], [43, "requirements"], [44, "requirements"], [45, "requirements"], [46, "requirements"]], "Parameters": [[1, "parameters"], [2, "parameters"], [3, "parameters"], [4, "parameters"], [5, "parameters"], [6, "parameters"], [7, "parameters"], [11, "parameters"], [12, "parameters"], [14, "parameters"], [18, "parameters"], [19, "parameters"], [20, "parameters"], [24, "parameters"], [25, "parameters"], [26, "parameters"], [27, "parameters"], [28, "parameters"], [29, "parameters"], [31, "parameters"], [32, "parameters"], [33, "parameters"], [35, "parameters"], [36, "parameters"], [37, "parameters"], [38, "parameters"], [41, "parameters"], [42, "parameters"], [43, "parameters"], [45, "parameters"], [46, "parameters"]], "Attributes": [[1, "attributes"], [2, "attributes"], [3, "attributes"], [4, "attributes"], [5, "attributes"], [6, "attributes"], [7, "attributes"], [8, "attributes"], [11, "attributes"], [12, "attributes"], [14, "attributes"], [18, "attributes"], [19, "attributes"], [20, "attributes"], [24, "attributes"], [25, "attributes"], [26, "attributes"], [27, "attributes"], [28, "attributes"], [29, "attributes"], [31, "attributes"], [32, "attributes"], [33, "attributes"], [35, "attributes"], [36, "attributes"], [37, "attributes"], [38, "attributes"], [41, "attributes"], [42, "attributes"], [43, "attributes"], [45, "attributes"], [46, "attributes"]], "Notes": [[1, "notes"], [2, "notes"], [3, "notes"], [4, "notes"], [6, "notes"], [11, "notes"], [12, "notes"], [14, "notes"], [20, "notes"], [25, "notes"], [26, "notes"], [37, "notes"], [38, "notes"], [41, "notes"], [42, "notes"], [43, "notes"], [45, "notes"], [46, "notes"]], "See Also": [[1, "see-also"], [2, "see-also"], [3, "see-also"], [4, "see-also"], [5, "see-also"], [6, "see-also"], [11, "see-also"], [12, "see-also"], [15, "see-also"], [16, "see-also"], [23, "see-also"], [24, "see-also"], [25, "see-also"], [26, "see-also"], [27, "see-also"], [28, "see-also"], [29, "see-also"], [30, "see-also"], [31, "see-also"], [32, "see-also"], [33, "see-also"], [34, "see-also"], [35, "see-also"], [36, "see-also"], [37, "see-also"], [38, "see-also"], [40, "see-also"], [41, "see-also"], [42, "see-also"], [43, "see-also"], [44, "see-also"], [45, "see-also"]], "Examples": [[1, "examples"], [2, "examples"], [3, "examples"], [4, "examples"], [5, "examples"], [6, "examples"], [7, "examples"], [8, "examples"], [11, "examples"], [12, "examples"], [14, "examples"], [15, "examples"], [16, "examples"], [18, "examples"], [19, "examples"], [20, "examples"], [23, "examples"], [24, "examples"], [25, "examples"], [26, "examples"], [27, "examples"], [28, "examples"], [29, "examples"], [30, "examples"], [31, "examples"], [32, "examples"], [33, "examples"], [34, "examples"], [35, "examples"], [36, "examples"], [37, "examples"], [38, "examples"], [39, "examples"], [40, "examples"], [41, "examples"], [42, "examples"], [43, "examples"], [44, "examples"], [45, "examples"], [46, "examples"]], "Return Values": [[1, "return-values"], [2, "return-values"], [3, "return-values"], [5, "return-values"], [6, "return-values"], [7, "return-values"], [8, "return-values"], [11, "return-values"], [12, "return-values"], [14, "return-values"], [18, "return-values"], [19, "return-values"], [20, "return-values"], [24, "return-values"], [25, "return-values"], [26, "return-values"], [27, "return-values"], [28, "return-values"], [29, "return-values"], [31, "return-values"], [32, "return-values"], [33, "return-values"], [35, "return-values"], [36, "return-values"], [37, "return-values"], [38, "return-values"], [41, "return-values"], [42, "return-values"], [43, "return-values"], [45, "return-values"], [46, "return-values"]], "Authors": [[1, "authors"], [2, "authors"], [3, "authors"], [4, "authors"], [5, "authors"], [6, "authors"], [7, "authors"], [8, "authors"], [11, "authors"], [12, "authors"], [14, "authors"], [15, "authors"], [16, "authors"], [18, "authors"], [19, "authors"], [20, "authors"], [23, "authors"], [24, "authors"], [25, "authors"], [26, "authors"], [27, "authors"], [28, "authors"], [29, "authors"], [30, "authors"], [31, "authors"], [32, "authors"], [33, "authors"], [34, "authors"], [35, "authors"], [36, "authors"], [37, "authors"], [38, "authors"], [39, "authors"], [40, "authors"], [41, "authors"], [42, "authors"], [43, "authors"], [44, "authors"], [45, "authors"], [46, "authors"]], "Collection links": [[1, "collection-links"], [2, "collection-links"], [3, "collection-links"], [4, "collection-links"], [5, "collection-links"], [6, "collection-links"], [7, "collection-links"], [8, "collection-links"], [11, "collection-links"], [12, "collection-links"], [14, "collection-links"], [15, "collection-links"], [16, "collection-links"], [18, "collection-links"], [19, "collection-links"], [20, "collection-links"], [23, "collection-links"], [24, "collection-links"], [25, "collection-links"], [26, "collection-links"], [27, "collection-links"], [28, "collection-links"], [29, "collection-links"], [30, "collection-links"], [31, "collection-links"], [32, "collection-links"], [33, "collection-links"], [34, "collection-links"], [35, "collection-links"], [36, "collection-links"], [37, "collection-links"], [38, "collection-links"], [39, "collection-links"], [40, "collection-links"], [41, "collection-links"], [42, "collection-links"], [43, "collection-links"], [44, "collection-links"], [45, "collection-links"], [46, "collection-links"]], "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts": [[2, "community-crypto-acme-account-module-create-modify-or-delete-acme-accounts"]], "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol": [[3, "community-crypto-acme-certificate-module-create-ssl-tls-certificates-with-the-acme-protocol"]], "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol": [[4, "community-crypto-acme-certificate-revoke-module-revoke-certificates-with-the-acme-protocol"]], "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01": [[5, "community-crypto-acme-challenge-cert-helper-module-prepare-certificates-required-for-acme-challenges-such-as-tls-alpn-01"]], "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server": [[6, "community-crypto-acme-inspect-module-send-direct-requests-to-an-acme-server"]], "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates": [[7, "community-crypto-certificate-complete-chain-module-complete-certificate-chain-given-a-set-of-untrusted-and-root-certificates"]], "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities": [[8, "community-crypto-crypto-info-module-retrieve-cryptographic-capabilities"]], "How to create a small CA": [[9, "how-to-create-a-small-ca"]], "Set up the CA": [[9, "set-up-the-ca"]], "Use the CA to sign a certificate": [[9, "use-the-ca-to-sign-a-certificate"]], "How to create self-signed certificates": [[10, "how-to-create-self-signed-certificates"]], "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API": [[11, "community-crypto-ecs-certificate-module-request-ssl-tls-certificates-with-the-entrust-certificate-services-ecs-api"]], "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API": [[12, "community-crypto-ecs-domain-module-request-validation-of-a-domain-with-the-entrust-certificate-services-ecs-api"]], "Index of all Collection Environment Variables": [[13, "index-of-all-collection-environment-variables"]], "community.crypto.get_certificate module \u2013 Get a certificate from a host:port": [[14, "community-crypto-get-certificate-module-get-a-certificate-from-a-host-port"]], "community.crypto.gpg_fingerprint filter \u2013 Retrieve a GPG fingerprint from a GPG public or private key": [[15, "community-crypto-gpg-fingerprint-filter-retrieve-a-gpg-fingerprint-from-a-gpg-public-or-private-key"]], "Input": [[15, "input"], [23, "input"], [30, "input"], [34, "input"], [39, "input"], [40, "input"], [44, "input"]], "Return Value": [[15, "return-value"], [16, "return-value"], [23, "return-value"], [30, "return-value"], [34, "return-value"], [39, "return-value"], [40, "return-value"], [44, "return-value"]], "community.crypto.gpg_fingerprint lookup \u2013 Retrieve a GPG fingerprint from a GPG public or private key file": [[16, "community-crypto-gpg-fingerprint-lookup-retrieve-a-gpg-fingerprint-from-a-gpg-public-or-private-key-file"]], "Terms": [[16, "terms"]], "Community.Crypto": [[17, "community-crypto"]], "Description": [[17, "description"]], "Communication": [[17, "communication"]], "Scenario Guides": [[17, "scenario-guides"]], "Plugin Index": [[17, "plugin-index"]], "Modules": [[17, "modules"]], "Filter Plugins": [[17, "filter-plugins"]], "Lookup Plugins": [[17, "lookup-plugins"]], "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices": [[18, "community-crypto-luks-device-module-manage-encrypted-luks-devices"]], "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.": [[19, "community-crypto-openssh-cert-module-generate-openssh-host-or-user-certificates"]], "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys": [[20, "community-crypto-openssh-keypair-module-generate-openssh-private-and-public-keys"]], "community.crypto.openssl_certificate_info": [[21, "community-crypto-openssl-certificate-info"]], "community.crypto.openssl_certificate": [[22, "community-crypto-openssl-certificate"]], "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)": [[23, "community-crypto-openssl-csr-info-filter-retrieve-information-from-openssl-certificate-signing-requests-csr"]], "Keyword parameters": [[23, "keyword-parameters"], [30, "keyword-parameters"], [40, "keyword-parameters"], [44, "keyword-parameters"]], "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)": [[24, "community-crypto-openssl-csr-info-module-provide-information-of-openssl-certificate-signing-requests-csr"]], "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[25, "community-crypto-openssl-csr-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[26, "community-crypto-openssl-csr-pipe-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters": [[27, "community-crypto-openssl-dhparam-module-generate-openssl-diffie-hellman-parameters"]], "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive": [[28, "community-crypto-openssl-pkcs12-module-generate-openssl-pkcs-12-archive"]], "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys": [[29, "community-crypto-openssl-privatekey-convert-module-convert-openssl-private-keys"]], "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys": [[30, "community-crypto-openssl-privatekey-info-filter-retrieve-information-from-openssl-private-keys"]], "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys": [[31, "community-crypto-openssl-privatekey-info-module-provide-information-for-openssl-private-keys"]], "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys": [[32, "community-crypto-openssl-privatekey-module-generate-openssl-private-keys"]], "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access": [[33, "community-crypto-openssl-privatekey-pipe-module-generate-openssl-private-keys-without-disk-access"]], "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format": [[34, "community-crypto-openssl-publickey-info-filter-retrieve-information-from-openssl-public-keys-in-pem-format"]], "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys": [[35, "community-crypto-openssl-publickey-info-module-provide-information-for-openssl-public-keys"]], "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.": [[36, "community-crypto-openssl-publickey-module-generate-an-openssl-public-key-from-its-private-key"]], "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl": [[37, "community-crypto-openssl-signature-info-module-verify-signatures-with-openssl"]], "community.crypto.openssl_signature module \u2013 Sign data with openssl": [[38, "community-crypto-openssl-signature-module-sign-data-with-openssl"]], "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects": [[39, "community-crypto-split-pem-filter-split-pem-file-contents-into-multiple-objects"]], "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format": [[40, "community-crypto-x509-certificate-info-filter-retrieve-information-from-x-509-certificates-in-pem-format"]], "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates": [[41, "community-crypto-x509-certificate-info-module-provide-information-of-openssl-x-509-certificates"]], "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates": [[42, "community-crypto-x509-certificate-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates": [[43, "community-crypto-x509-certificate-pipe-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format": [[44, "community-crypto-x509-crl-info-filter-retrieve-information-from-x-509-crls-in-pem-format"]], "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)": [[45, "community-crypto-x509-crl-info-module-retrieve-information-on-certificate-revocation-lists-crls"]], "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)": [[46, "community-crypto-x509-crl-module-generate-certificate-revocation-lists-crls"]]}, "indexentries": {}}) \ No newline at end of file +Search.setIndex({"docnames": ["acme_account_facts_module", "acme_account_info_module", "acme_account_module", "acme_certificate_module", "acme_certificate_revoke_module", "acme_challenge_cert_helper_module", "acme_inspect_module", "certificate_complete_chain_module", "crypto_info_module", "docsite/guide_ownca", "docsite/guide_selfsigned", "ecs_certificate_module", "ecs_domain_module", "environment_variables", "get_certificate_module", "gpg_fingerprint_filter", "gpg_fingerprint_lookup", "index", "luks_device_module", "openssh_cert_module", "openssh_keypair_module", "openssl_certificate_info_module", "openssl_certificate_module", "openssl_csr_info_filter", "openssl_csr_info_module", "openssl_csr_module", "openssl_csr_pipe_module", "openssl_dhparam_module", "openssl_pkcs12_module", "openssl_privatekey_convert_module", "openssl_privatekey_info_filter", "openssl_privatekey_info_module", "openssl_privatekey_module", "openssl_privatekey_pipe_module", "openssl_publickey_info_filter", "openssl_publickey_info_module", "openssl_publickey_module", "openssl_signature_info_module", "openssl_signature_module", "split_pem_filter", "x509_certificate_info_filter", "x509_certificate_info_module", "x509_certificate_module", "x509_certificate_pipe_module", "x509_crl_info_filter", "x509_crl_info_module", "x509_crl_module"], "filenames": ["acme_account_facts_module.rst", "acme_account_info_module.rst", "acme_account_module.rst", "acme_certificate_module.rst", "acme_certificate_revoke_module.rst", "acme_challenge_cert_helper_module.rst", "acme_inspect_module.rst", "certificate_complete_chain_module.rst", "crypto_info_module.rst", "docsite/guide_ownca.rst", "docsite/guide_selfsigned.rst", "ecs_certificate_module.rst", "ecs_domain_module.rst", "environment_variables.rst", "get_certificate_module.rst", "gpg_fingerprint_filter.rst", "gpg_fingerprint_lookup.rst", "index.rst", "luks_device_module.rst", "openssh_cert_module.rst", "openssh_keypair_module.rst", "openssl_certificate_info_module.rst", "openssl_certificate_module.rst", "openssl_csr_info_filter.rst", "openssl_csr_info_module.rst", "openssl_csr_module.rst", "openssl_csr_pipe_module.rst", "openssl_dhparam_module.rst", "openssl_pkcs12_module.rst", "openssl_privatekey_convert_module.rst", "openssl_privatekey_info_filter.rst", "openssl_privatekey_info_module.rst", "openssl_privatekey_module.rst", "openssl_privatekey_pipe_module.rst", "openssl_publickey_info_filter.rst", "openssl_publickey_info_module.rst", "openssl_publickey_module.rst", "openssl_signature_info_module.rst", "openssl_signature_module.rst", "split_pem_filter.rst", "x509_certificate_info_filter.rst", "x509_certificate_info_module.rst", "x509_certificate_module.rst", "x509_certificate_pipe_module.rst", "x509_crl_info_filter.rst", "x509_crl_info_module.rst", "x509_crl_module.rst"], "titles": ["community.crypto.acme_account_facts", "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts", "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts", "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol", "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol", "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01", "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server", "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates", "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities", "How to create a small CA", "How to create self-signed certificates", "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API", "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API", "Index of all Collection Environment Variables", "community.crypto.get_certificate module \u2013 Get a certificate from a host:port", "community.crypto.gpg_fingerprint filter \u2013 Retrieve a GPG fingerprint from a GPG public or private key", "community.crypto.gpg_fingerprint lookup \u2013 Retrieve a GPG fingerprint from a GPG public or private key file", "Community.Crypto", "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices", "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.", "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys", "community.crypto.openssl_certificate_info", "community.crypto.openssl_certificate", "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters", "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive", "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys", "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys", "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys", "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys", "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access", "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format", "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys", "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.", "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl", "community.crypto.openssl_signature module \u2013 Sign data with openssl", "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects", "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format", "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates", "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format", "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)", "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)"], "terms": {"thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "plugin": [0, 13, 15, 16, 21, 22, 23, 24, 30, 31, 33, 34, 35, 39, 40, 41, 44, 45], "wa": [0, 1, 3, 4, 6, 9, 11, 14, 18, 20, 21, 22, 23, 24, 25, 26, 28, 31, 32, 33, 36, 37, 40, 41, 42, 44, 45, 46], "part": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "collect": [0, 9, 10, 17, 21, 22], "version": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "2": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "16": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "0": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "modul": [0, 9, 10, 21, 22, 23, 30, 34, 40, 44], "ha": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46], "been": [0, 1, 2, 3, 4, 6, 11, 13, 14, 18, 19, 21, 22, 25, 26, 31, 36, 43, 46], "remov": [0, 1, 2, 3, 4, 6, 18, 21, 22, 28, 36, 42, 46], "The": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "renam": [0, 21, 22, 41, 42, 46], "acme_account_info": [0, 2, 17], "i": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "It": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "includ": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "ansibl": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "core": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "To": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "check": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 44, 45, 46], "whether": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "instal": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "run": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "galaxi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "list": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "us": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "you": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "need": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "further": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "abl": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "detail": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "playbook": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "specifi": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "allow": [1, 2, 3, 4, 6, 11, 12, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "ca": [1, 2, 3, 4, 6, 7, 11, 17, 19, 23, 24, 25, 26, 28, 39, 40, 41, 42, 43, 44, 45, 46], "support": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "protocol": [1, 2, 5, 6, 14, 17, 20, 42], "let": [1, 2, 3, 4, 6, 42], "": [1, 2, 3, 4, 5, 6, 9, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 43, 44, 45, 46], "encrypt": [1, 2, 3, 4, 6, 14, 17, 20, 28, 29, 32, 33, 42], "onli": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "work": [1, 2, 3, 4, 6, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42], "v2": [1, 2, 3, 4, 6, 36], "below": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "ar": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "host": [1, 2, 3, 4, 5, 6, 7, 11, 12, 17, 18, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "execut": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "either": [1, 2, 3, 4, 6, 11, 12, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 37, 38, 41, 42, 43, 45, 46], "openssl": [1, 2, 3, 4, 6, 7, 8, 14, 17, 40], "cryptographi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "1": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "5": [1, 2, 3, 4, 6, 7, 8, 12, 18, 23, 24, 32, 33, 37, 38, 40, 41, 42, 43], "ipaddress": [1, 2, 3, 4, 6], "comment": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "account_key_cont": [1, 2, 3, 4, 6], "string": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "content": [1, 2, 3, 4, 5, 6, 7, 9, 11, 12, 14, 15, 17, 18, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "rsa": [1, 2, 3, 4, 6, 8, 10, 19, 20, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "ellipt": [1, 2, 3, 4, 6, 8, 20, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "curv": [1, 2, 3, 4, 6, 8, 20, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "kei": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 17, 18, 19, 23, 24, 25, 26, 27, 28, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "mutual": [1, 2, 3, 4, 5, 6, 18, 25, 26, 28, 42, 43, 46], "exclus": [1, 2, 3, 4, 5, 6, 18, 25, 26, 28, 42, 43, 46], "account_key_src": [1, 2, 3, 4, 5, 6, 8], "warn": [1, 2, 3, 4, 6, 30, 31, 41, 42], "written": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "temporari": [1, 2, 3, 4, 6], "file": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "which": [1, 2, 3, 4, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "delet": [1, 3, 4, 6, 17], "when": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "complet": [1, 2, 3, 4, 6, 8, 17, 18, 33], "sinc": [1, 2, 3, 4, 6, 9, 18, 25, 26, 28, 31], "an": [1, 2, 3, 4, 5, 11, 12, 14, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 40, 41, 42, 43, 44, 45, 46], "import": [1, 2, 3, 4, 6, 8, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 46], "privat": [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 17, 19, 23, 24, 25, 26, 27, 28, 34, 35, 37, 38, 40, 41, 42, 43, 44, 45, 46], "can": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46], "chang": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "revok": [1, 2, 3, 6, 11, 17, 44, 45, 46], "your": [1, 2, 3, 4, 6, 9, 11, 12, 25, 26, 27, 32, 42, 43], "certif": [1, 2, 6, 17, 27, 28, 30, 32, 33, 36, 37, 38, 39, 44], "without": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 37, 38, 41, 42, 43, 45, 46], "know": [1, 2, 3, 4, 6, 25, 26], "might": [1, 2, 3, 4, 6, 14, 29, 32, 33, 36, 46], "accept": [1, 2, 3, 4, 6, 11, 25, 26], "In": [1, 2, 3, 4, 6, 9, 11, 20, 23, 24, 28, 31, 32, 43], "case": [1, 2, 3, 4, 6, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 27, 28, 29, 31, 32, 33, 36, 40, 41, 42, 46], "still": [1, 2, 3, 4, 6, 11, 19, 24, 31, 41, 42], "happen": [1, 2, 3, 4, 6], "disk": [1, 2, 3, 4, 6, 7, 10, 17, 25, 26, 29, 31, 32, 36, 42, 43], "process": [1, 2, 3, 4, 6, 12, 18, 46], "move": [1, 2, 3, 4, 6, 11, 41, 42, 43], "its": [1, 2, 3, 4, 6, 7, 9, 11, 12, 15, 17, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 35, 42, 43], "argument": [1, 2, 3, 4, 6, 27], "node": [1, 2, 3, 4, 6, 15, 16, 23, 30, 40, 44], "where": [1, 2, 3, 4, 6, 9, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 41, 42, 43, 45, 46], "account_key_passphras": [1, 2, 3, 4, 6], "ad": [1, 2, 3, 4, 5, 6, 7, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 36, 41, 42, 43, 44, 45, 46], "6": [1, 2, 3, 4, 5, 6, 8, 11, 14, 18, 20, 23, 24, 25, 26, 32, 33, 37, 38, 40, 41, 42, 43], "phassphras": [1, 2, 3, 4, 5, 6], "decod": [1, 2, 3, 4, 5, 6, 23, 24, 30, 40, 41, 44, 45, 46], "backend": [1, 2, 3, 4, 6, 14, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "alias": [1, 2, 3, 4, 6, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 43, 46], "account_kei": [1, 2, 3, 4, 6], "path": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "contain": [1, 2, 3, 4, 5, 6, 7, 12, 14, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 46], "creat": [1, 4, 5, 6, 11, 17, 18, 19, 20, 25, 26, 27, 28, 29, 32, 35, 36, 42, 43, 45, 46], "openssl_privatekei": [1, 2, 3, 6, 9, 10, 11, 17, 25, 26, 27, 28, 29, 31, 33, 35, 36, 38, 42, 43], "openssl_privatekey_pip": [1, 2, 3, 6, 17, 25, 26, 29, 31, 32, 36, 42, 43], "If": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "requisit": [1, 2, 3, 6], "avail": [1, 2, 3, 4, 6, 8, 10, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 46], "directli": [1, 2, 3, 6, 10, 41, 42], "command": [1, 2, 3, 6, 18, 19], "line": [1, 2, 3, 6, 18], "tool": [1, 2, 3, 4, 6, 25, 26], "genrsa": [1, 2, 3, 6], "ecparam": [1, 2, 3, 4, 6], "genkei": [1, 2, 3, 4, 6], "ani": [1, 2, 3, 4, 6, 9, 10, 11, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43], "other": [1, 2, 3, 4, 6, 11, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 40, 41, 42, 45, 46], "pem": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 17, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "format": [1, 2, 3, 4, 5, 6, 7, 11, 14, 17, 18, 19, 20, 23, 24, 28, 29, 30, 31, 32, 33, 36, 41, 42, 43, 45, 46], "well": [1, 2, 3, 4, 6, 12, 28, 29, 32, 33, 36, 42], "account_uri": [1, 2, 3, 4, 6], "assum": [1, 2, 3, 4, 6, 7, 9, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "uri": [1, 2, 3, 4, 6, 23, 24, 25, 26, 30, 40, 41, 44, 45, 46], "given": [1, 2, 3, 4, 5, 6, 17, 18, 25, 26, 37], "doe": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "match": [1, 2, 3, 4, 6, 7, 12, 19, 20, 25, 26, 27, 32, 33, 42, 46], "exist": [1, 2, 3, 4, 5, 6, 9, 11, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43, 46], "fail": [1, 2, 3, 4, 6, 11, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 36, 40, 41, 42, 44, 45, 46], "acme_directori": [1, 2, 3, 4, 6, 42], "directori": [1, 2, 3, 4, 6, 7, 42], "entri": [1, 2, 3, 4, 5, 6, 12, 15, 16, 23, 24, 30, 34, 39, 40, 41, 42, 44, 46], "point": [1, 2, 3, 4, 6, 7, 11, 16, 19, 23, 24, 25, 26, 30, 31, 34, 35, 40, 41, 42, 43, 44, 45, 46], "url": [1, 2, 3, 4, 6], "access": [1, 2, 3, 4, 6, 12, 17, 25, 26, 29, 31, 32, 36, 42, 43, 46], "server": [1, 2, 3, 4, 9, 11, 12, 14, 17, 19, 25, 26, 42, 43], "api": [1, 2, 3, 4, 6, 17, 42, 43], "For": [1, 2, 3, 4, 6, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44], "safeti": [1, 2, 3, 4, 6], "reason": [1, 2, 3, 4, 6, 25, 26, 42, 43, 44, 45, 46], "default": [1, 2, 3, 4, 6, 7, 10, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "set": [1, 2, 3, 4, 5, 6, 11, 13, 14, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "stage": [1, 2, 3, 4, 6, 42], "v1": [1, 2, 3, 4, 6], "technic": [1, 2, 3, 4, 6, 11], "correct": [1, 2, 3, 4, 6, 7, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "untrust": [1, 2, 3, 4, 6, 17], "all": [1, 2, 3, 4, 6, 7, 8, 9, 11, 14, 19, 20, 23, 24, 28, 30, 31, 32, 33, 39, 40, 41, 42, 43, 44, 45, 46], "endpoint": [1, 2, 3, 4, 6], "found": [1, 2, 3, 4, 6, 8, 12], "here": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "http": [1, 2, 3, 4, 5, 6, 11, 12, 14, 19, 25, 26, 32, 42, 43], "letsencrypt": [1, 2, 3, 4, 6, 42], "org": [1, 2, 3, 4, 6, 11, 25, 26, 42, 44, 45, 46], "doc": [1, 2, 3, 4, 6, 9, 10, 32, 42], "environ": [1, 2, 3, 4, 5, 6, 42], "buypass": [1, 2, 3, 4, 6, 42], "com": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 17, 19, 23, 24, 25, 26, 28, 29, 31, 32, 35, 36, 40, 41, 42, 43, 44, 45, 46], "t": [1, 2, 3, 4, 6, 9, 19, 20, 24, 25, 27, 28, 29, 31, 32, 35, 36, 41, 42, 46], "63d4ai": [1, 2, 3, 4, 6], "go": [1, 2, 3, 4, 6], "ssl": [1, 2, 4, 5, 6, 7, 12, 14, 17, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 41, 42, 43, 45, 46], "product": [1, 2, 3, 4, 6, 11, 33], "v02": [1, 2, 3, 4, 6, 42], "zerossl": [1, 2, 3, 4, 6], "dv90": [1, 2, 3, 4, 6], "sectigo": [1, 2, 3, 4, 6], "qa": [1, 2, 3, 4, 6], "secur": [1, 2, 3, 4, 6, 11, 14, 28, 42, 43], "trust": [1, 2, 3, 4, 6, 44, 45, 46], "provid": [1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 23, 25, 26, 30, 32, 33, 34, 36, 40, 42, 43, 44, 45], "dv": [1, 2, 3, 4, 6], "servic": [1, 2, 3, 4, 6, 17, 42, 43], "test": [1, 2, 3, 4, 6, 11, 12, 20, 23, 24, 40, 41], "against": [1, 2, 3, 4, 6, 11, 14, 19], "acme_vers": [1, 2, 3, 4, 6], "integ": [1, 2, 3, 4, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 40, 41, 42, 43, 44, 45, 46], "must": [1, 2, 3, 4, 5, 6, 9, 11, 12, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "classic": [1, 2, 3, 4, 6], "standard": [1, 2, 3, 4, 6, 11], "deprec": [1, 2, 3, 4, 6, 14, 20, 41, 42, 46], "from": [1, 2, 3, 4, 6, 7, 9, 10, 11, 12, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 41, 42, 43, 45, 46], "3": [1, 2, 3, 4, 5, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 28, 29, 31, 32, 33, 35, 36, 40, 41, 42, 43, 46], "choic": [1, 2, 3, 4, 5, 6, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "request_timeout": [1, 2, 3, 4, 6], "time": [1, 2, 3, 4, 6, 11, 12, 14, 18, 19, 23, 24, 28, 30, 31, 34, 35, 40, 41, 42, 43, 44, 45, 46], "should": [1, 2, 3, 4, 5, 6, 8, 11, 12, 14, 19, 20, 23, 24, 25, 26, 27, 28, 29, 32, 33, 36, 40, 41, 42, 43, 45, 46], "wait": [1, 2, 3, 4, 6], "respons": [1, 2, 3, 4, 6, 11], "timeout": [1, 2, 3, 4, 6, 14], "appli": [1, 2, 3, 4, 6, 11, 14, 19, 20], "request": [1, 2, 3, 4, 5, 7, 8, 9, 10, 14, 15, 16, 17, 18, 19, 20, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "head": [1, 2, 3, 4, 6], "get": [1, 2, 3, 4, 6, 11, 17, 19, 20, 24, 25, 27, 28, 29, 31, 32, 35, 36, 41, 42, 45, 46], "post": [1, 2, 3, 4, 6, 11], "10": [1, 2, 3, 4, 6, 10, 14, 17, 18, 19, 20, 23, 30, 32, 33, 34, 36, 39, 40, 41, 42, 43, 44], "retrieve_ord": 1, "order": [1, 3, 6, 11, 14, 15, 16, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 39, 40, 41, 42, 44, 45, 46], "object": [1, 3, 6, 17, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "A": [1, 2, 5, 7, 8, 11, 14, 16, 24, 25, 26, 31, 35, 37, 39, 41, 42, 43, 45, 46], "ignor": [1, 2, 3, 7, 11, 19, 20, 23, 24, 25, 26, 28, 30, 33, 39, 40, 41, 42, 43, 44, 45, 46], "fetch": 1, "order_uri": [1, 3, 6], "alwai": [1, 2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 19, 20, 28, 31, 32, 33, 41, 42, 43, 46], "popul": 1, "option": [1, 2, 3, 4, 6, 11, 14, 18, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 41, 42, 43, 46], "object_list": 1, "current": [1, 3, 8, 11, 12, 14, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43, 46], "so": [1, 2, 3, 4, 6, 11, 12, 18, 19, 20, 23, 25, 27, 28, 29, 30, 31, 32, 33, 36, 40, 42, 44, 46], "result": [1, 4, 5, 9, 10, 11, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 40, 41, 42, 43, 44, 45, 46], "empti": [1, 3, 8], "url_list": 1, "select_crypto_backend": [1, 2, 3, 4, 6, 14, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "determin": [1, 2, 3, 4, 6, 14, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43], "auto": [1, 2, 3, 4, 6, 14, 20, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "tri": [1, 2, 3, 4, 6, 7, 14, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "fall": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "back": [1, 2, 3, 4, 6, 9, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "try": [1, 2, 3, 4, 6, 7, 8, 14, 18, 24, 25, 26, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43], "binari": [1, 2, 3, 4, 6, 8, 14, 20, 27], "librari": [1, 2, 3, 4, 6, 8, 14, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "validate_cert": [1, 2, 3, 4, 6], "boolean": [1, 2, 3, 4, 6, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "call": [1, 2, 3, 4, 6, 11, 28, 41, 42, 46], "valid": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 17, 19, 23, 24, 25, 26, 37, 38, 41, 42, 43, 46], "tl": [1, 2, 4, 6, 14, 17, 25, 26, 28, 29, 32, 33, 36, 42, 43], "ever": [1, 2, 3, 4, 6], "fals": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "purpos": [1, 2, 3, 4, 6, 11, 25, 26, 42, 43], "local": [1, 2, 3, 4, 6, 11, 12, 15, 16, 23, 30, 40, 42, 43, 44], "pebbl": [1, 2, 3, 4, 6], "true": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "descript": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "action_group": [1, 2, 3, 4, 6], "action": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 19, 20, 24, 25, 27, 28, 31, 32, 33, 35, 36, 37, 38, 41, 42, 45, 46], "group": [1, 2, 3, 4, 6, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 46], "module_default": [1, 2, 3, 4, 6], "check_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "full": [1, 2, 3, 7, 8, 11, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "modifi": [1, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "state": [1, 2, 3, 5, 7, 8, 14, 18, 19, 20, 24, 25, 27, 28, 31, 32, 35, 36, 37, 38, 41, 42, 45, 46], "statu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "predict": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "target": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "diff_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "n": [1, 5, 6, 7, 8, 14, 24, 31, 35, 37, 41, 45], "Will": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "what": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "possibli": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "diff": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "mode": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "acme_account": [1, 3, 17], "acme_account_fact": 1, "befor": [1, 3, 12, 15, 23, 30, 34, 39, 40, 42, 43, 44, 46], "8": [1, 3, 4, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42], "usag": [1, 3, 7, 10, 11, 17, 18, 25, 42, 43, 46], "did": [1, 3, 33], "new": [1, 2, 3, 4, 5, 6, 8, 9, 11, 12, 15, 16, 18, 19, 20, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "enough": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 36, 42], "instead": [1, 2, 3, 4, 6, 10, 18, 19, 25, 26, 32, 33, 46], "explicitli": [1, 2, 3, 4, 6, 29, 31, 32], "disabl": [1, 2, 3, 4, 6, 11, 18, 19, 31], "enabl": [1, 2, 3, 4, 6, 11, 19, 25, 26], "slower": [1, 2, 3, 4, 6], "less": [1, 2, 3, 4, 6, 12, 19], "have": [1, 2, 3, 4, 6, 10, 11, 12, 13, 15, 16, 19, 20, 23, 25, 27, 28, 29, 30, 31, 32, 33, 34, 36, 39, 40, 42, 43, 44, 46], "store": [1, 2, 3, 4, 6, 10, 11, 12, 18, 26, 28, 29, 42, 43], "although": [1, 2, 3, 4, 6], "chosen": [1, 2, 3, 4, 6, 28], "principl": [1, 2, 3, 4, 6], "far": [1, 2, 3, 4, 6], "develop": [1, 2, 3, 4, 6, 42], "we": [1, 2, 3, 4, 5, 6, 9, 28, 32, 33], "got": [1, 2, 3, 4, 6], "feedback": [1, 2, 3, 4, 6], "thei": [1, 2, 3, 4, 6, 12, 14, 18, 20, 27, 32, 33, 41, 45], "incommon": [1, 2, 3, 4, 6], "experi": [1, 2, 3, 4, 6], "problem": [1, 2, 3, 4, 6], "anoth": [1, 2, 3, 4, 6, 7, 9, 10, 11, 18, 23, 24, 30, 32, 40, 41, 43, 44, 45, 46], "pleas": [1, 2, 3, 4, 6, 7, 9, 14, 20, 25, 26, 27, 29, 32, 33, 42, 43], "issu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "help": [1, 2, 3, 4, 6, 11], "u": [1, 2, 3, 4, 6, 19, 20, 25, 27, 28, 29, 32, 36, 42, 43], "mention": [1, 2, 3, 4, 6, 28], "appreci": [1, 2, 3, 4, 6], "name": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "etc": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 24, 25, 26, 27, 28, 29, 31, 32, 35, 36, 41, 42, 43, 45, 46], "pki": [1, 2, 3, 4, 5, 6, 8, 12], "cert": [1, 2, 3, 4, 5, 6, 8, 11, 14, 19, 23, 24, 25, 26, 28, 30, 37, 38, 40, 41, 44, 46], "regist": [1, 3, 5, 6, 7, 8, 9, 10, 14, 24, 26, 31, 33, 35, 37, 38, 41, 42, 43, 45], "account_data": 1, "verifi": [1, 7, 12, 17, 38, 42], "builtin": [1, 3, 7, 8, 14, 15, 16, 23, 24, 26, 30, 31, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45], "assert": [1, 37, 38, 41, 42], "print": [1, 26, 39, 43, 45], "debug": [1, 2, 3, 4, 6, 8, 11, 14, 15, 16, 23, 24, 26, 30, 31, 33, 34, 35, 39, 40, 41, 43, 44, 45], "var": [1, 3, 6, 8, 14, 24, 26, 31, 35, 41, 43], "contact": [1, 2, 3, 6], "acme_account_kei": 1, "acme_account_uri": 1, "common": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "document": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "follow": [1, 2, 3, 5, 6, 7, 8, 9, 11, 12, 13, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "field": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46], "uniqu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "dictionari": [1, 2, 3, 5, 6, 8, 11, 14, 18, 23, 24, 25, 26, 30, 31, 32, 33, 34, 35, 36, 40, 41, 44, 45, 46], "element": [1, 2, 3, 7, 8, 11, 12, 14, 16, 19, 23, 24, 25, 26, 28, 30, 31, 34, 35, 39, 40, 41, 44, 45, 46], "challeng": [1, 3, 6, 17, 42], "resourc": [1, 3, 5, 12], "sampl": [1, 3, 4, 5, 6, 8, 11, 12, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 44, 45, 46], "mailto": [1, 2, 6], "me": [1, 2, 6], "tel": 1, "00123456789": 1, "queri": [1, 3, 24, 31, 35, 41], "public_account_kei": 1, "public": [1, 3, 11, 17, 19, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 40, 41, 42, 43], "json": [1, 6, 11, 14, 44, 45], "web": [1, 12], "kty": [1, 6], "ec": [1, 3, 17, 42, 43], "crv": 1, "p": [1, 23, 24, 30, 31, 34, 35, 40, 41], "256": [1, 19, 20], "x": [1, 6, 14, 17, 23, 24, 30, 31, 34, 35, 45], "mkbctnickusdii11yss3526idz8aito7tu6kpaqv7d4": 1, "y": [1, 14, 23, 24, 30, 31, 34, 35, 40, 41], "4etl6srw2yilurn5vfvvhuhp7x8pxltmwwlbbm4ifym": 1, "deactiv": [1, 2, 3, 11], "none": [1, 2, 3, 4, 5, 6, 11, 12, 14, 18, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 36, 38, 40, 41], "success": [1, 3, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "error": [1, 3, 4, 6, 8, 11, 18, 42], "occur": [1, 46], "dure": [1, 2, 3, 11, 19, 28], "about": [1, 2, 11, 12, 14, 19, 25, 26, 30, 31], "structur": 1, "rfc7807": 1, "expir": [1, 3, 6, 10, 11, 12, 14, 40, 41, 42, 43, 46], "timestamp": [1, 19, 25, 27, 28, 29, 32, 36, 41, 42, 43, 45, 46], "describ": [1, 15, 23, 25, 26, 30, 34, 39, 40, 44], "rfc3339": [1, 11], "pend": [1, 11], "give": [1, 19, 20, 25, 27, 28, 29, 32, 36, 42], "expiri": [1, 11, 42, 43], "date": [1, 6, 7, 11, 14, 40, 41, 42, 43, 44, 45, 46], "final": [1, 3], "identifi": [1, 2, 3, 5, 11, 18, 19, 23, 24, 25, 26, 40, 41, 42, 43], "type": [1, 3, 5, 6, 10, 11, 12, 15, 16, 18, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46], "dn": [1, 3, 5, 9, 10, 12, 23, 24, 25, 26, 30, 40, 41, 42, 44, 45, 46], "ip": [1, 3, 5, 14, 23, 24, 25, 26, 40, 41], "hostnam": [1, 14], "address": [1, 2, 3, 5, 11, 12, 19, 23, 24, 30, 40, 41, 44, 45, 46], "wildcard": [1, 3], "actual": [1, 5, 19, 20, 25, 27, 28, 29, 32, 36, 42], "prefix": [1, 2, 25, 26], "notaft": [1, 40, 41], "notbefor": [1, 40, 41], "readi": [1, 11], "invalid": [1, 11, 39, 44, 45, 46], "felix": [1, 2, 4, 5, 6, 7, 8, 15, 16, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 43, 44, 45, 46], "fontein": [1, 2, 4, 5, 6, 7, 8, 15, 16, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 43, 44, 45, 46], "felixfontein": [1, 2, 4, 5, 6, 7, 8, 15, 16, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 43, 44, 45, 46], "tracker": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "repositori": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "sourc": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "submit": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "bug": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "report": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "featur": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "allow_cr": 2, "creation": [2, 3, 6, 18], "present": [2, 3, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 32, 36, 40, 41, 42, 46], "email": [2, 3, 11, 12, 23, 24, 25, 26, 30, 40, 41, 42, 43, 44, 45, 46], "ietf": [2, 3, 6, 25, 26], "html": [2, 3, 6, 25, 26, 32], "rfc8555": [2, 3, 6], "section": [2, 3, 4, 6, 25, 26], "7": [2, 3, 6, 14, 19, 20, 23, 24, 28, 35, 40, 41, 44, 45], "absent": [2, 18, 19, 20, 25, 27, 28, 32, 36, 42, 46], "changed_kei": 2, "external_account_bind": 2, "extern": [2, 3], "bind": [2, 3], "data": [2, 3, 5, 11, 12, 17, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 40, 41, 42, 43, 46], "like": [2, 3, 10, 42, 43], "specif": [2, 3, 4, 5, 6, 10, 11, 12, 18, 25, 26, 28, 41, 42, 43], "properli": [2, 6], "custom": [2, 11, 20], "alg": 2, "mac": [2, 28], "algorithm": [2, 14, 18, 19, 20, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 43, 44, 45, 46], "probabl": 2, "hs256": 2, "hs384": 2, "hs512": 2, "base64": [2, 3, 14, 23, 24, 28, 32, 33, 37, 38, 40, 41, 45, 46], "encod": [2, 3, 6, 11, 14, 23, 24, 28, 30, 32, 33, 37, 38, 40, 41, 44, 45, 46], "pad": 2, "symbol": [2, 7, 19, 20, 25, 27, 28, 29, 32, 36, 42], "end": [2, 3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "omit": [2, 9, 18, 19, 20], "kid": 2, "new_account_key_cont": 2, "same": [2, 3, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "restrict": [2, 3, 19, 25, 26], "new_account_key_src": 2, "new_account_key_passphras": 2, "inform": [2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 17, 19, 20, 25, 26, 27, 28, 29, 32, 33, 36, 42, 43], "touch": 2, "terms_agre": [2, 3], "indic": [2, 3, 11, 14, 25, 26, 31, 33], "agre": [2, 3], "term": [2, 3, 6], "acme_certif": [2, 5, 6, 7, 17], "do": [2, 3, 6, 9, 10, 11, 12, 18, 19, 20, 25, 27, 28, 29, 31, 32, 33, 36, 42], "basic": [2, 3, 23, 24, 25, 26, 30, 31, 34, 35, 40, 41], "manag": [2, 3, 4, 5, 6, 11, 17, 36], "both": [2, 3, 11, 20, 24, 25, 26, 31, 35, 36, 37, 38, 41, 43, 45, 46], "recommend": [2, 11, 12, 42, 43], "modify_account": [2, 3], "automat": [2, 3, 4, 5, 6, 18, 32, 33, 42], "rfc": [2, 3, 4, 5, 6, 25, 26], "8555": [2, 3, 4, 5, 6], "retriev": [2, 3, 6, 14, 17, 25, 26, 42, 43], "fact": 2, "write": [2, 3, 6, 7, 9, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 43, 46], "acme_inspect": [2, 3, 4, 17], "make": [2, 3, 6, 11, 14, 18, 20, 30, 31, 32, 33, 37, 38, 41, 46], "sure": [2, 3, 18, 20, 30, 31, 32, 33, 37, 38, 46], "TOS": 2, "myself": [2, 3], "one": [2, 3, 4, 7, 9, 11, 12, 14, 16, 19, 20, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "variabl": [2, 3, 9, 15, 16, 23, 24, 30, 31, 34, 39, 40, 44], "new_account_kei": 2, "renew": [3, 11], "implement": [3, 33, 42, 43], "01": [3, 6, 11, 17, 19, 32, 33, 36], "alpn": [3, 6, 17], "twice": 3, "two": [3, 25, 26], "differ": [3, 4, 10, 12, 14, 19, 20, 25, 27, 32, 36, 42, 46], "task": [3, 11, 19, 20, 32, 33, 41], "output": [3, 6, 8, 11, 19, 28, 32, 33], "first": [3, 5, 6, 10, 11, 12, 18, 28, 41], "record": [3, 11, 12], "pass": [3, 9, 11], "second": [3, 12, 14, 18, 41, 42, 43, 46], "between": [3, 18, 20], "fulfil": 3, "step": [3, 11, 28], "whatev": 3, "mean": [3, 11, 37], "necessari": [3, 19], "destin": [3, 11, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42], "webserv": 3, "serv": [3, 42], "perform": [3, 11, 12, 18, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 46], "how": [3, 5, 12, 14, 17, 23, 24, 25, 26, 30, 32, 40, 41, 42, 44, 45, 46], "read": [3, 9, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 37, 38, 42, 43, 46], "through": 3, "main": 3, "consid": [3, 19, 20, 25, 26, 27, 28, 32, 42], "experiment": 3, "accord": [3, 25, 26], "8738": 3, "account_email": 3, "associ": [3, 7, 11, 12], "account": [3, 4, 5, 6, 8, 11, 17], "more": [3, 7, 11, 14, 19, 25, 26, 28, 42, 43, 46], "than": [3, 4, 11, 12, 19, 20, 23, 24, 25, 26, 28, 30, 40, 41, 42, 43, 44, 45, 46], "updat": [3, 6, 12, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "most": [3, 18], "agreement": [3, 11, 23, 24, 40, 41], "latest": [3, 32, 46], "gather": 3, "chain_dest": 3, "chain": [3, 11, 14, 17, 42], "intermedi": [3, 7, 11, 28, 33, 42], "some": [3, 4, 14, 18, 19, 20, 25, 27, 28, 29, 32, 33, 36, 37, 38, 42, 44, 45], "assur": 3, "could": [3, 11, 25, 27, 31, 32, 42, 43], "foo": [3, 18, 19], "certain": [3, 19, 41], "period": [3, 42, 43], "csr": [3, 5, 6, 7, 9, 10, 11, 17, 27, 28, 30, 32, 33, 36, 41, 42, 43], "src": [3, 9, 28, 43], "openssl_csr": [3, 10, 11, 17, 24, 26, 27, 28, 32, 33, 36, 42, 43], "req": 3, "mai": [3, 11, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 43], "multipl": [3, 9, 10, 11, 17, 23, 24, 25, 26, 28, 30, 31, 34, 35, 40, 41], "subject": [3, 7, 10, 11, 14, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 32, 36, 40, 41, 42, 43, 44, 46], "altern": [3, 10, 11, 25, 26, 42, 43], "each": [3, 9, 11, 15, 16, 23, 30, 32, 33, 34, 36, 39, 40, 44], "lead": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "individu": [3, 19], "sign": [3, 5, 8, 11, 14, 17, 19, 27, 28, 32, 33, 36, 37, 40, 41, 42, 43, 44, 45, 46], "bad": 3, "idea": 3, "view": 3, "precis": 3, "csr_content": [3, 9, 10, 42, 43], "openssl_csr_pip": [3, 9, 10, 17, 24, 25, 32, 33, 36, 42, 43], "ongo": 3, "previou": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "non": [3, 8, 11, 19], "activ": [3, 6, 11, 12], "taken": 3, "mark": [3, 25, 26], "no_log": [3, 32, 33], "up": [3, 5, 11, 15, 16, 18, 19, 20, 23, 25, 27, 28, 29, 30, 32, 34, 36, 39, 40, 41, 42, 44], "longer": [3, 18, 25, 26], "wai": [3, 5, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "caus": [3, 14, 19, 20], "messag": 3, "come": 3, "unus": 3, "anywai": 3, "deactivate_authz": 3, "authent": [3, 6, 11, 12, 19, 25, 26, 42, 43], "authz": [3, 6], "after": [3, 18, 42, 43], "bound": 3, "remain": [3, 11, 12, 18, 19], "amount": 3, "re": [3, 12, 14, 20, 23, 24, 25, 26, 27, 28, 32, 33, 36, 40, 41, 42, 43, 46], "domain": [3, 5, 11, 17, 23, 24, 30, 40, 41, 44, 45, 46], "concern": [3, 25, 27, 32, 42], "dest": [3, 5, 7, 9, 26, 43], "fullchain_dest": [3, 6], "forc": [3, 11, 19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 43, 46], "enforc": 3, "even": [3, 4, 11, 18, 19, 20, 27, 28, 32, 36, 42, 43], "remaining_dai": [3, 11], "especi": [3, 32], "addit": [3, 11, 18, 25, 26], "desir": [3, 18], "fullchain": [3, 6, 7], "want": [3, 9, 10, 11, 12, 18, 20, 25, 26, 30, 31, 46], "avoid": [3, 11, 12, 19, 20, 25, 27, 28, 29, 31, 32, 36, 41, 42, 43, 46], "accident": [3, 30, 31, 32, 33], "old": [3, 11, 25, 26, 41, 42, 46], "number": [3, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 43, 44, 45, 46], "dai": [3, 11, 12, 14, 41, 42, 43], "left": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "being": [3, 11, 19, 32, 33, 41, 42, 43], "cert_dai": [3, 11], "challenge_data": [3, 5], "retrieve_all_altern": 3, "offer": [3, 9, 10], "These": [3, 17, 23, 25, 26, 30, 40, 44], "togeth": [3, 18, 28], "all_chain": 3, "select_chain": 3, "criteria": 3, "select": [3, 5, 10, 20, 28, 32, 33], "until": [3, 7, 11, 14], "criterium": 3, "header": [3, 5, 6], "determinist": 3, "everi": [3, 11, 12, 16, 20, 23, 24, 25, 26, 29, 30, 31, 32, 33, 34, 35, 40, 41, 42, 43, 46], "consist": [3, 19, 20, 25, 27, 28, 29, 31, 32, 36, 42], "condit": [3, 14, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "issuer": [3, 7, 14, 23, 24, 25, 26, 40, 41, 42, 44, 45, 46], "authority_key_identifi": [3, 23, 24, 25, 26, 40, 41], "authoritykeyidentifi": [3, 23, 24, 25, 26, 40, 41], "extens": [3, 5, 6, 14, 20, 23, 24, 25, 26, 40, 41, 44, 45, 46], "base": [3, 11, 18, 19, 32, 33], "form": [3, 7, 11, 40, 41], "c4": 3, "a7": 3, "b1": [3, 32, 33, 36], "a4": 3, "7b": 3, "2c": [3, 32, 33, 36], "71": [3, 32, 33, 36], "fa": 3, "db": 3, "e1": [3, 32, 33, 36], "4b": 3, "90": [3, 11, 12, 42, 43], "75": [3, 32, 33, 36], "ff": [3, 23, 24, 25, 26, 30, 31, 34, 35, 40, 41], "15": [3, 6, 11, 15, 16, 28, 42, 43], "60": [3, 11, 12, 32, 33, 36], "85": [3, 32, 33, 36], "89": 3, "would": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "commonnam": [3, 23, 24, 25, 26, 40, 41, 42, 44, 45, 46], "my": [3, 32, 45, 46], "prefer": [3, 23, 24, 30, 40, 41, 44, 45, 46], "root": [3, 11, 14, 17, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "cn": [3, 9, 11, 14, 25, 26, 46], "subject_key_identifi": [3, 23, 24, 25, 26, 40, 41], "subjectkeyidentifi": [3, 23, 24, 40, 41], "a8": 3, "4a": [3, 23, 24, 30, 31, 34, 35, 40, 41], "6a": [3, 32, 33, 36], "63": [3, 11, 23, 24, 30, 31, 34, 35, 40, 41], "04": [3, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "7d": [3, 46], "dd": [3, 19, 23, 24, 25, 26, 32, 33, 36, 40, 41], "ba": [3, 23, 24, 30, 31, 34, 35, 40, 41], "e6": [3, 23, 24, 30, 31, 34, 35, 40, 41], "d1": 3, "39": [3, 32, 33, 36], "b7": 3, "a6": [3, 32, 33, 36], "45": 3, "65": 3, "ef": [3, 32, 33, 36], "f3": 3, "a1": [3, 32, 33, 36], "test_certif": 3, "exclud": [3, 19, 23, 24, 25, 26], "leaf": [3, 7], "ident": [3, 19], "last": [3, 18, 23, 24, 40, 41, 44, 45, 46], "furthest": 3, "awai": 3, "Its": 3, "safe_file_oper": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "strict": [3, 6, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "oper": [3, 11, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "function": [3, 11, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "ensur": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "proper": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "permiss": [3, 11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "corrupt": [3, 11, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 46], "At": [3, 19], "least": [3, 11, 25, 26, 37, 38], "control": [3, 6, 12, 14, 15, 16, 23, 30, 33, 40, 44, 45], "over": 3, "rate": [3, 4], "limit": [3, 4, 18, 19], "8737": [3, 5, 6], "acme_challenge_cert_help": [3, 17], "prepar": [3, 17], "certificate_complete_chain": [3, 17], "find": [3, 7, 12], "acme_certificate_revok": [3, 17], "account_private_kei": 3, "httpd": [3, 4, 5, 6], "crt": [3, 4, 5, 6, 11, 12, 41, 42, 43, 46], "sample_com_challeng": [3, 5], "hashi": 3, "vault": [3, 18, 33], "lookup": [3, 7, 15, 23, 26, 30, 33, 34, 39, 40, 43, 44], "hashi_vault": 3, "secret": [3, 32], "copi": [3, 7, 9, 11, 12, 26, 42, 43], "www": [3, 7, 9, 10, 11, 14, 19, 23, 24, 25, 26, 40, 41, 42, 43], "resource_valu": 3, "item": [3, 5, 25, 39], "loop": [3, 5, 19, 20, 25, 27, 28, 29, 32, 36, 39, 42], "dict2item": 3, "v01": 3, "30": [3, 11, 32, 33, 36], "aw": 3, "route53": 3, "zone": 3, "txt": [3, 12, 19], "ttl": 3, "enclos": 3, "quot": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42], "regex_replac": [3, 25], "map": [3, 11, 25, 41], "challenge_data_dn": 3, "dst": 3, "x3": 3, "cross": 3, "identrust": 3, "As": [3, 19, 20, 25, 27, 28, 29, 32, 36, 42], "long": [3, 12, 14], "switch": 3, "own": [3, 9, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42, 43, 46], "isrg": 3, "x1": 3, "compat": [3, 11, 14, 19, 28], "older": [3, 18, 28, 29, 32, 33, 36, 42], "client": [3, 11, 12, 14, 19, 25, 26, 42, 43, 44, 45, 46], "o": [3, 11, 14, 19, 20, 25, 26, 27, 28, 29, 32, 36, 42], "digit": 3, "signatur": [3, 7, 17, 19, 23, 24, 25, 26, 38, 40, 41, 42, 44, 45, 46], "co": 3, "4": [3, 4, 8, 14, 18, 23, 24, 25, 26, 28, 36, 37, 38, 40, 41, 42], "itself": [3, 46], "concaten": [3, 7], "full_chain": 3, "token": [3, 19], "a5b1c3d2e9f8g7h6": 3, "12345": [3, 6, 23, 24, 40, 41], "2022": [3, 28], "08": [3, 11, 32, 33, 36], "01t01": 3, "02": [3, 11], "34z": 3, "04t01": 3, "03": [3, 11, 25, 27, 28, 29, 32, 36, 42, 46], "45z": 3, "per": [3, 28], "yet": [3, 6], "_acm": 3, "known": [3, 11, 12, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 44, 45, 46], "evagxfads6psrb2lav9izf17dt3juxgj": 3, "pct92wr": 3, "oa": 3, "resource_origin": 3, "origin": [3, 11, 14, 23, 24, 25, 27, 28, 29, 32, 36, 40, 41, 42, 46], "produc": 3, "blob": 3, "put": 3, "acmevalid": 3, "x509": 3, "editor": 3, "rfc8737": 3, "b64decod": [3, 9, 43], "jinja": 3, "filter": [3, 16, 24, 31, 35, 41, 45], "extract": [3, 14, 23, 24, 30, 40, 41, 46], "ilirfxkkxa": 3, "17dt3juxgj": 3, "finalization_uri": 3, "michael": 3, "gruener": 3, "mgruener": 3, "exactli": [4, 14, 20, 23, 24, 29, 40, 41], "private_key_src": [4, 5], "private_key_cont": [4, 5, 25, 26, 28, 36], "valu": 4, "private_key_passphras": [4, 5, 29], "revoke_reason": 4, "One": [4, 19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "revoc": [4, 11, 17, 25, 26, 44], "reasoncod": 4, "defin": [4, 10, 11, 12, 13, 18, 25, 26, 32, 33, 42, 43, 46], "rfc5280": [4, 25, 26], "possibl": [4, 11, 14, 23, 24, 40, 41], "unspecifi": [4, 19, 20, 25, 27, 28, 29, 32, 36, 42, 44, 45, 46], "keycompromis": 4, "cacompromis": 4, "affiliationchang": 4, "supersed": [4, 25, 26, 44, 45, 46], "cessationofoper": 4, "certificatehold": 4, "removefromcrl": 4, "9": [4, 14, 17, 20, 32, 33, 41, 42], "privilegewithdrawn": 4, "aacompromis": 4, "return": 4, "alreadi": [4, 11, 12, 18, 19, 20, 25, 26, 27, 28, 32, 36, 42, 43, 45, 46], "unchang": [4, 18], "depend": [4, 8, 11, 14, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "raw": [5, 6, 14, 29, 32, 33], "convert": [5, 17, 20, 23, 24, 30, 32, 33, 40, 41, 44, 45, 46], "simpl": [5, 9, 10], "gener": [5, 7, 11, 17, 18, 23, 24, 29, 31, 35, 37, 38, 40, 41, 45], "dictsort": 5, "sample_com_challenge_cert": 5, "regular_certif": 5, "deliv": 5, "regular": [5, 6], "connect": [5, 6, 14], "except": [5, 6, 14, 20, 23, 24, 25, 26, 28, 32, 33, 40, 41, 46], "challenge_certif": 5, "achiev": 5, "veri": [5, 10, 45], "nginx": [5, 6], "search": 5, "ssl_preread": 5, "ssl_preread_alpn_protocol": 5, "rout": 5, "private_kei": [5, 19, 33], "identifier_typ": 5, "self": [5, 9, 17, 25, 26, 41, 42, 43], "place": [5, 23, 24, 30, 31, 34, 35, 40, 41], "attempt": [6, 20], "encount": 6, "wish": 6, "investig": 6, "sent": [6, 12], "method": [6, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "otherwis": [6, 11, 14, 18, 19, 20, 23, 24, 25, 27, 28, 29, 32, 36, 40, 41, 42, 44, 45, 46], "fail_on_acme_error": 6, "id": [6, 11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "localhost": [6, 14, 25, 43], "m": [6, 14, 19, 25, 26, 41, 42, 43, 46], "acct": 6, "newaccount": 6, "termsofserviceagre": 6, "account_cr": 6, "locat": [6, 11, 12, 42, 45, 46], "account_info": 6, "to_json": 6, "certificate_request": 6, "someth": [6, 28, 41], "went": 6, "wrong": 6, "output_json": 6, "selectattr": 6, "equalto": 6, "http01challeng": 6, "manual": [6, 12], "a85k3x9f91a4": 6, "random": [6, 12], "33417": 6, "keychang": 6, "meta": 6, "caaident": 6, "termsofservic": 6, "le": 6, "sa": 6, "novemb": 6, "2017": 6, "pdf": 6, "websit": 6, "newnonc": 6, "nonc": 6, "neword": 6, "revokecert": 6, "lowercas": 6, "boulder": 6, "cach": 6, "max": 6, "ag": 6, "close": [6, 18], "length": [6, 20, 42], "904": 6, "applic": [6, 11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "cooki": 6, "cookies_str": 6, "wed": 6, "07": [6, 23, 24, 30, 31, 34, 35, 40, 41], "nov": 6, "2018": [6, 11], "12": [6, 14, 17, 25, 26, 27, 32, 33, 36, 42, 43], "34": [6, 23, 24, 30, 31, 34, 35, 40, 41], "56": [6, 32, 33, 36], "gmt": [6, 42, 43], "44": [6, 23, 24, 25, 26, 40, 41], "rel": [6, 19, 25, 26, 41, 42, 43, 46], "msg": [6, 14, 15, 16, 23, 30, 33, 34, 39, 40, 44, 45], "ok": 6, "byte": [6, 18, 23, 24, 25, 26, 40, 41], "pragma": 6, "replai": 6, "1234567890abcdefghijklmnopqrstuvwxyzabcdefgh": 6, "200": 6, "transport": [6, 31], "604800": 6, "46161": 6, "frame": 6, "deni": 6, "pars": [6, 7, 14, 19, 20, 23, 24, 25, 27, 28, 29, 31, 32, 36, 40, 41, 42], "output_text": 6, "text": [6, 11, 12], "see": [7, 9, 14, 18, 19, 20, 46], "note": [7, 9, 18, 19, 23, 24, 27, 28, 29, 30, 31, 32, 33, 40, 44], "input_chain": 7, "intermediate_certif": 7, "filenam": [7, 11, 16, 19, 20, 25, 27, 28, 32, 36, 42, 46], "subdirectori": 7, "scan": 7, "root_certif": 7, "www_ansible_com": 7, "completechain": 7, "join": [7, 14, 23, 30, 40], "complete_chain": 7, "rootchain": 7, "input": [7, 12, 28], "python": [8, 14, 23, 24, 27, 28, 30, 31, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "crypto_inform": 8, "show": [8, 9, 10, 15, 16, 23, 30, 33, 34, 40, 42, 44], "openssl_pres": 8, "usr": [8, 19, 20, 25, 27, 28, 29, 32, 36, 42], "bin": [8, 19, 20, 25, 27, 28, 29, 32, 36, 42], "1m": 8, "version_output": 8, "14": [8, 32, 33, 36], "dec": 8, "2021": 8, "python_cryptography_cap": 8, "python_cryptography_instal": 8, "theoret": 8, "higher": [8, 11, 15, 16, 23, 30, 34, 39, 40, 44], "libssl": 8, "has_dsa": 8, "dsa": [8, 10, 20, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "has_dsa_sign": 8, "has_ec": 8, "has_ec_sign": 8, "has_ed25519": 8, "ed25519": [8, 20, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "has_ed25519_sign": 8, "has_ed448": 8, "ed448": [8, 23, 24, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41], "has_ed448_sign": 8, "has_rsa": 8, "has_rsa_sign": 8, "has_x25519": 8, "x25519": [8, 10, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "has_x25519_seri": 8, "serial": [8, 11, 14, 19, 23, 24, 25, 26, 40, 41, 44, 45, 46], "has_x448": 8, "x448": [8, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "python_cryptography_import_error": 8, "commun": [9, 10], "crypto": [9, 10], "guid": [9, 10], "exampl": [9, 10], "password": [9, 10, 11, 12, 18, 20, 25, 26, 28, 38, 42, 43, 46], "protect": [9, 10, 18, 20, 25, 26, 32, 33, 36, 38, 42, 43, 46], "secret_ca_passphras": 9, "instruct": [9, 12], "ask": 9, "pai": 9, "commerci": [9, 25, 26], "passphras": [9, 10, 18, 20, 25, 26, 28, 29, 30, 31, 32, 33, 36, 38, 42, 43, 46], "privatekey_path": [9, 10, 24, 25, 26, 28, 35, 36, 37, 38, 41, 42, 43, 46], "privatekey_passphras": [9, 10, 25, 26, 28, 36, 38, 42, 43, 46], "common_nam": [9, 10, 24, 25, 26], "use_common_name_for_san": [9, 25, 26], "san": [9, 10, 11, 25, 26], "don": 9, "basic_constraint": [9, 23, 24, 25, 26, 40, 41], "basic_constraints_crit": [9, 23, 24, 25, 26, 40, 41], "key_usag": [9, 23, 24, 25, 26, 40, 41, 42], "keycertsign": 9, "key_usage_crit": [9, 23, 24, 25, 26, 40, 41], "ca_csr": 9, "x509_certif": [9, 10, 12, 17, 22, 25, 26, 27, 28, 32, 33, 36, 37, 41, 43], "selfsign": [9, 10, 41, 42, 43], "x509_certificate_pip": [9, 17, 25, 26, 32, 33, 36, 41, 42], "server_1": 9, "while": [9, 11, 12, 32, 33, 42, 43], "our": [9, 43], "server_2": 9, "materi": [9, 31, 33], "leav": [9, 31], "respect": [9, 18, 23, 25, 26, 30, 34, 40], "delegate_to": [9, 14, 43], "run_onc": [9, 14], "subject_alt_nam": [9, 10, 11, 23, 24, 25, 26, 30, 40, 41, 42], "ownca": [9, 42, 43], "ownca_path": [9, 42, 43], "ownca_privatekey_path": [9, 42, 43], "ownca_privatekey_passphras": [9, 42, 43], "ownca_not_aft": [9, 42, 43], "365d": [9, 42, 43], "year": [9, 10, 11, 42, 43], "ownca_not_befor": [9, 42, 43], "1d": [9, 32, 33, 36, 41], "yesterdai": 9, "abov": 9, "procedur": 9, "idempot": [9, 18, 19, 28, 33, 42, 43, 46], "extend": [9, 11], "stat": 9, "certificate_exist": 9, "slurp": [9, 43], "els": [9, 28], "kind": 10, "start": [10, 23, 24, 30, 31, 34, 35, 40, 41, 42, 43], "paramet": [10, 15, 16, 17, 34, 39], "4096": [10, 20, 27, 31, 32, 33, 35], "bit": [10, 20, 23, 24, 27, 30, 31, 32, 33, 34, 35, 40, 41], "size": [10, 12, 18, 20, 23, 24, 27, 30, 31, 32, 33, 34, 35, 40, 41], "changem": 10, "proce": 10, "selfsigned_not_aft": [10, 42, 43], "roughli": 10, "selfsigned_not_befor": [10, 42, 43], "now": [10, 11, 19, 42, 43, 46], "properti": 10, "constraint": [10, 25, 26], "organization_nam": [10, 25, 26], "inc": [10, 11], "reissu": 11, "credenti": [11, 12, 42, 43], "organ": [11, 44], "system": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "those": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "pyyaml": [11, 12], "11": [11, 12, 14, 19, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42, 46], "additional_email": 11, "receiv": [11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42], "deliveri": 11, "notic": 11, "notif": 11, "backup": [11, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "made": [11, 12, 19], "cert_expiri": 11, "compliant": 11, "2020": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "23": 11, "23t15": 11, "00": [11, 19, 23, 24, 25, 26, 32, 33, 36, 40, 41, 42, 43], "05z": 11, "request_typ": 11, "issuanc": [11, 42, 43], "subsequ": 11, "initi": [11, 14], "month": [11, 42, 43], "choos": 11, "adjust": [11, 20, 42, 43], "eastern": 11, "est": [11, 42, 43], "unintend": 11, "effect": 11, "pool": 11, "inventori": 11, "model": 11, "cert_lifetim": 11, "lifetim": [11, 42, 43], "cert_typ": 11, "cds_individu": 11, "cds_group": 11, "cds_ent_lit": [11, 42, 43], "cds_ent_pro": [11, 42, 43], "smime_": [11, 42, 43], "p1y": 11, "p2y": 11, "p3y": 11, "standard_ssl": [11, 42, 43], "advantage_ssl": [11, 42, 43], "uc_ssl": [11, 42, 43], "ev_ssl": [11, 42, 43], "wildcard_ssl": [11, 42, 43], "private_ssl": [11, 42, 43], "pd_ssl": [11, 42, 43], "code_sign": 11, "ev_code_sign": 11, "client_id": [11, 12], "under": [11, 12], "primari": [11, 12], "cannot": [11, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "distinguish": 11, "repres": 11, "64": 11, "around": [11, 31], "overrid": [11, 15, 16, 23, 30, 34, 39, 40, 44], "eku": 11, "ou": [11, 14, 25, 26], "organiz": 11, "unit": 11, "replac": [11, 33, 46], "ti": 11, "ct_log": 11, "complianc": 11, "browser": 11, "transpar": 11, "ct": 11, "log": [11, 19, 30, 31, 32, 33], "best": [11, 19, 20, 25, 27, 28, 29, 32, 36, 42], "practic": 11, "techniqu": 11, "owner": [11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "monitor": 11, "elig": [11, 12], "custom_field": 11, "date1": 11, "date2": 11, "date3": 11, "date4": 11, "date5": 11, "dropdown1": 11, "dropdown": 11, "dropdown2": 11, "dropdown3": 11, "dropdown4": 11, "dropdown5": 11, "email1": 11, "email2": 11, "email3": 11, "email4": 11, "email5": 11, "number1": 11, "float": [11, 18], "number2": 11, "number3": 11, "number4": 11, "number5": 11, "text1": 11, "maximum": [11, 23, 24, 30, 31, 34, 35, 40, 41, 42, 43], "500": 11, "charact": 11, "text10": 11, "text11": 11, "text12": 11, "text13": 11, "text14": 11, "text15": 11, "text2": 11, "text3": 11, "text4": 11, "text5": 11, "text6": 11, "text7": 11, "text8": 11, "text9": 11, "server_auth": 11, "client_auth": 11, "server_and_client_auth": 11, "end_user_key_storage_agr": 11, "user": [11, 17, 18, 20, 25, 27, 28, 29, 32, 36, 42, 46], "code": 11, "cryptograph": [11, 17], "hardwar": 11, "csp": 11, "subscript": 11, "acknowledg": 11, "entrust_api_client_cert_key_path": [11, 12, 42, 43], "entrust_api_client_cert_path": [11, 12, 42, 43], "entrust_api_kei": [11, 12, 42, 43], "entrust_api_specification_path": [11, 12, 42, 43], "configur": [11, 12, 13, 15, 16, 18, 19, 20, 23, 25, 27, 28, 29, 30, 32, 33, 34, 36, 39, 40, 42, 43, 44, 46], "keep": [11, 12, 32, 42, 43], "download": [11, 12, 42, 43], "cloud": [11, 12, 42, 43], "net": [11, 12, 42, 43], "entrustcloud": [11, 12, 42, 43], "cm": [11, 12, 42, 43], "yaml": [11, 12, 42, 43], "entrust_api_us": [11, 12, 42, 43], "usernam": [11, 12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 43, 46], "regardless": 11, "within": [11, 12], "past": [11, 40, 41], "full_chain_path": 11, "unless": [11, 12, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "behavior": [11, 20, 28, 32, 33, 42], "neither": 11, "nor": 11, "reus": 11, "unapprov": 11, "failur": [11, 14], "reserv": 11, "futur": 11, "calcul": 11, "tracking_id": 11, "obtain": [11, 12], "act": [11, 19], "upon": [11, 23, 24, 30, 31, 34, 35, 40, 41], "exmapl": 11, "refer": 11, "validate_onli": 11, "cautiou": 11, "along": 11, "requester_email": 11, "track": [11, 42, 43], "requester_nam": 11, "requester_phon": 11, "phone": [11, 42, 43], "arrai": 11, "subjectaltnam": [11, 25, 26], "understand": [11, 18], "tld": 11, "save": [11, 27], "referenc": 11, "tracking_info": 11, "free": 11, "attach": [11, 25, 26], "partial": 11, "bare": 11, "minimum": [11, 20, 42, 43], "jo": [11, 42], "jdoe": [11, 25, 42], "555": [11, 42], "5555": [11, 42], "apiusernam": [11, 12, 42], "lv": [11, 12, 42], "32": [11, 12, 19, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42], "cd9lnt": [11, 12, 42], "20": [11, 25], "79": [11, 32, 33, 36], "migrat": 11, "2378915": 11, "rather": 11, "overridden": [11, 27, 28], "testcertif": 11, "administr": [11, 12], "via": [11, 42], "itsupport": 11, "jsmith": 11, "admin": [11, 12], "invoic": 11, "25": [11, 32, 33, 36], "342": 11, "sale": 11, "red": 11, "backup_fil": [11, 25, 27, 28, 29, 32, 36, 42, 46], "2019": [11, 19, 25, 27, 28, 29, 32, 36, 42, 43, 46], "09": [11, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 46], "22": [11, 23, 24, 25, 26, 27, 28, 29, 32, 33, 36, 40, 41, 42, 46], "backup_full_chain_fil": 11, "253": 11, "cert_detail": 11, "guarante": 11, "forward": [11, 19], "releas": [11, 19], "take": [11, 15, 16, 19, 20, 23, 24, 25, 27, 30, 31, 32, 34, 35, 36, 40, 41, 42, 44, 45, 46], "howev": [11, 18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "audit": 11, "cert_statu": 11, "expand": 11, "approv": [11, 12], "declin": [11, 12], "na": 11, "pending_quorum": 11, "suspend": 11, "serial_numb": [11, 14, 19, 40, 41, 44, 45, 46], "1235262234164342": 11, "380079": 11, "chri": [11, 12], "trufan": [11, 12], "ctrufan": [11, 12], "verification_method": 12, "domain_statu": 12, "dns_content": 12, "dns_locat": 12, "dns_resource_typ": 12, "web_serv": 12, "file_cont": 12, "file_loc": 12, "e": [12, 25, 26], "were": [12, 14], "pure": 12, "domain_nam": 12, "reverifi": 12, "verification_email": 12, "ownership": [12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "whoi": 12, "construct": 12, "webmast": 12, "hostmast": 12, "postmast": 12, "subdomain": 12, "top": 12, "level": [12, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "example1": 12, "example2": 12, "preconstruct": 12, "namespac": 12, "exact": [12, 46], "verif": 12, "prove": 12, "There": [12, 18], "small": [12, 17], "delai": 12, "typic": 12, "Be": 12, "awar": 12, "mani": [12, 14, 46], "ecs_certif": [12, 17], "revalid": 12, "fewer": [12, 42, 43], "ev": 12, "belong": [12, 25, 26], "expect": [12, 32, 33, 41, 42, 43, 46], "ab23cd41432522ff2526920393982fab": 12, "_pki": 12, "cancel": 12, "initial_verif": 12, "re_verif": 12, "ev_days_remain": 12, "submiss": 12, "never": [12, 14, 19, 20, 32, 33, 42, 43, 46], "greater": [12, 19], "ov_days_remain": 12, "ev_elig": 12, "94": [12, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "ov_elig": 12, "abcd": 12, "ov": 12, "129": 12, "declar": 13, "No": 13, "sni": 14, "proxy_host": 14, "asn1_base64": 14, "asn": [14, 23, 24, 40, 41, 42, 43, 44, 45, 46], "claim": 14, "ca_cert": [14, 43], "cipher": [14, 18, 32, 33], "libressl": 14, "fine": 14, "proxi": 14, "proxy_port": 14, "8080": 14, "server_nam": 14, "starttl": 14, "mysql": 14, "succe": 14, "rdp": 14, "3389": 14, "googl": 14, "443": 14, "expire_dai": 14, "not_aft": [14, 40, 41, 42], "to_datetim": 14, "d": [14, 19, 41, 42, 43, 46], "h": [14, 19, 41, 42, 43, 46], "sz": 14, "ansible_date_tim": 14, "iso8601": 14, "dt": 14, "asn1_data": 14, "surviv": 14, "also": [14, 19, 20, 46], "displai": [14, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "github": [14, 17], "80258": 14, "usual": [14, 19, 23, 24, 40, 41], "malform": [14, 23, 24, 40, 41], "critic": [14, 23, 24, 25, 26, 40, 41, 44, 45, 46], "not_befor": [14, 40, 41, 42], "signature_algorithm": [14, 19, 40, 41, 42], "john": 14, "westcott": 14, "iv": 14, "gnupg": [15, 16], "public_kei": [15, 16, 19, 20, 23, 24, 30, 31, 40, 41, 42], "low": [15, 16, 23, 30, 34, 39, 40, 44], "high": [15, 16, 23, 30, 34, 39, 40, 44], "prioriti": [15, 16, 23, 30, 34, 39, 40, 44], "lower": [15, 16, 23, 30, 34, 39, 40, 44], "author": 17, "newer": [17, 19, 32, 33, 37, 38], "matrix": 17, "room": 17, "im": 17, "question": 17, "irc": 17, "channel": [17, 31], "libera": 17, "network": 17, "mail": 17, "project": 17, "subscrib": 17, "acm": [17, 42], "requir": [17, 34, 39], "send": [17, 28, 44, 45], "direct": 17, "crypto_info": 17, "capabl": 17, "entrust": [17, 42, 43], "ecs_domain": 17, "get_certif": 17, "port": [17, 19], "luks_devic": 17, "luk": 17, "devic": 17, "openssh_cert": 17, "openssh": [17, 36], "openssh_keypair": [17, 36], "openssl_csr_info": [17, 25, 26, 42], "openssl_dhparam": [17, 25, 26, 28, 32, 33, 36, 42, 43], "diffi": [17, 25, 26, 28, 32, 33, 36, 42, 43], "hellman": [17, 25, 26, 28, 32, 33, 36, 42, 43], "openssl_pkcs12": [17, 25, 26, 27, 32, 33, 36, 42, 43], "pkc": [17, 19, 25, 26, 27, 32, 33, 36, 42, 43], "archiv": [17, 25, 26, 27, 32, 33, 36, 42, 43], "openssl_privatekey_convert": 17, "openssl_privatekey_info": [17, 32, 33, 35, 42], "openssl_publickei": [17, 25, 26, 27, 28, 29, 32, 33, 35, 42, 43], "openssl_publickey_info": 17, "openssl_signatur": [17, 37], "openssl_signature_info": [17, 38], "x509_certificate_info": [17, 21, 42], "509": [17, 45], "x509_crl": [17, 45], "crl": [17, 25, 26], "x509_crl_info": 17, "gpg_fingerprint": 17, "gpg": 17, "fingerprint": [17, 20, 23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "split_pem": 17, "split": 17, "destroi": 18, "open": 18, "cryptsetup": 18, "wipef": 18, "lsblk": 18, "blkid": 18, "label": [18, 23, 24, 30, 40, 41, 44, 45, 46], "uuid": 18, "pre": [18, 28], "kernel": 18, "ae": [18, 32, 33, 36], "plain": 18, "spec": 18, "essiv": 18, "cbc": 18, "sha256": [18, 20, 23, 24, 25, 26, 30, 31, 32, 33, 34, 35, 36, 40, 41, 42, 43, 46], "dev": 18, "sda1": 18, "force_remove_last_kei": 18, "bewar": 18, "hash": [18, 23, 24, 30, 31, 34, 35, 40, 41], "setup": 18, "scheme": 18, "volum": 18, "digest": [18, 25, 26, 42, 43, 44, 45, 46], "keyfil": 18, "unlock": 18, "plaintext": 18, "danger": 18, "keysiz": [18, 32], "luks2": 18, "later": 18, "luks1": 18, "new_keyfil": 18, "add": [18, 19], "keyslot": 18, "new_passphras": 18, "pbkdf": 18, "deriv": 18, "argon2i": 18, "argon2id": 18, "pbkdf2": 18, "iteration_count": 18, "iter": 18, "count": 18, "iteration_tim": 18, "millisecond": 18, "memori": 18, "cost": 18, "kilobyt": 18, "argon": 18, "parallel": 18, "thread": 18, "perf_no_read_workqueu": 18, "bypass": 18, "dm": 18, "crypt": 18, "intern": 18, "workqueu": 18, "synchron": 18, "perf_no_write_workqueu": 18, "perf_same_cpu_crypt": 18, "cpu": 18, "io": 18, "unbound": 18, "balanc": 18, "perf_submit_from_crypt_cpu": 18, "offload": 18, "separ": [18, 19, 23, 24, 25, 26, 40, 41], "situat": [18, 20, 32, 33], "block": [18, 33], "singl": 18, "degrad": 18, "significantli": 18, "persist": 18, "metadata": 18, "them": [18, 19, 20, 25, 27, 28, 29, 32, 36, 42], "next": [18, 31], "remove_keyfil": 18, "filesystem": [18, 19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "remove_passphras": 18, "sector_s": 18, "sector": 18, "lock": 18, "suffic": 18, "explicit": 18, "With": 18, "loop0": 18, "mycrypt": 18, "keyfile2": 18, "personallabelnam": 18, "03ecd578": 18, "fad4": 18, "4e6c": 18, "9348": 18, "842e3e8fa340": 18, "suppli": 18, "c1da9a58": 18, "2fde": 18, "4256": 18, "9d9f": 18, "6ab008b4dd1b": 18, "jan": 18, "pokorni": 18, "japokorn": 18, "regener": [19, 20, 25, 26, 27, 28, 32, 33, 36, 42, 43, 46], "ssh": [19, 20], "keygen": [19, 20], "attr": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "flag": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "look": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "man": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "page": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "chattr": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "lsattr": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "equival": [19, 20, 32], "fed": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "chown": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "preserv": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "ignore_timestamp": [19, 42, 43, 46], "valid_from": 19, "valid_to": 19, "meet": 19, "chmod": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rememb": [19, 20, 25, 27, 28, 29, 32, 36, 42], "octal": [19, 20, 25, 27, 28, 29, 32, 36, 42], "correctli": [19, 20, 25, 27, 28, 29, 32, 36, 42], "644": [19, 20, 25, 27, 28, 29, 32, 36, 42], "1777": [19, 20, 25, 27, 28, 29, 32, 36, 42], "convers": [19, 20, 25, 27, 28, 29, 32, 36, 42], "zero": [19, 20, 25, 27, 28, 29, 32, 36, 42], "0755": [19, 20, 25, 27, 28, 29, 32, 36, 42], "sometim": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "circumst": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rule": [19, 20, 25, 27, 28, 29, 32, 36, 42], "decim": [19, 20, 25, 27, 28, 29, 32, 36, 42], "unexpect": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rwx": [19, 20, 25, 27, 28, 29, 32, 36, 42], "rw": [19, 20, 25, 27, 28, 29, 32, 36, 42], "g": [19, 20, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 40, 41, 42], "r": [19, 20, 24, 25, 27, 28, 29, 31, 32, 35, 36, 41, 42], "umask": [19, 20, 25, 27, 28, 29, 32, 36, 42], "newli": [19, 20, 25, 27, 28, 29, 32, 36, 42], "cve": [19, 20, 25, 27, 28, 29, 32, 36, 42], "1736": [19, 20, 25, 27, 28, 29, 32, 36, 42], "clear": 19, "shell": 19, "agent": 19, "permit": [19, 23, 24, 25, 26], "pty": 19, "alloc": 19, "rc": 19, "sshd": 19, "x11": 19, "address_list": 19, "comma": 19, "netmask": 19, "pair": [19, 25, 26, 46], "cidr": 19, "numer": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "confus": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "pkcs11_provid": 19, "resid": 19, "share": 19, "libpkcs11": 19, "signing_kei": 19, "princip": 19, "By": [19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "unread": 19, "partial_idempot": [19, 20, 32, 33], "valid_at": [19, 41, 42], "full_idempot": [19, 20, 32, 33], "compar": 19, "selevel": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "selinux": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "context": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "ml": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "mc": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "rang": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "_default": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "portion": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "polici": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "keyrevocationlist": 19, "again": [19, 44, 45], "serol": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "role": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "setyp": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "seuser": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "sha": 19, "refus": 19, "sha2": 19, "512": 19, "correspond": [19, 20, 32, 33], "sshd_config": 19, "casignaturealgorithm": 19, "keyword": [19, 33, 41, 42], "prior": 19, "unsafe_writ": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "influenc": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "atom": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "prevent": [19, 20, 25, 27, 28, 29, 31, 32, 36, 42, 46], "inconsist": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "just": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "broken": [19, 20, 25, 27, 28, 29, 32, 33, 36, 42, 46], "docker": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "mount": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "insid": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "unsaf": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "manner": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "doesn": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "race": [19, 20, 25, 27, 28, 29, 32, 36, 42, 46], "use_ag": 19, "interpret": [19, 41, 42, 43, 46], "utc": [19, 41, 42, 43, 45, 46], "mainli": 19, "timespec": [19, 41, 42, 43, 46], "NOT": [19, 33, 42, 43, 46], "absolut": [19, 24, 31, 35, 41, 42, 43, 45, 46], "yyyi": 19, "mm": 19, "ddthh": 19, "ss": 19, "hh": 19, "w": [19, 24, 31, 35, 41, 42, 43, 46], "32w1d2h": [19, 41, 42, 43, 46], "1970": 19, "01t00": 19, "earlier": [19, 42, 43], "express": 19, "comparison": 19, "forev": 19, "pub": [19, 20, 35], "week": [19, 41], "32w": 19, "2w": 19, "examplehost": 19, "21": 19, "2001": 19, "tmp": [19, 20, 37, 38], "bla": 19, "ca_public_kei": 19, "info": [19, 23, 24, 40, 41], "l": [19, 25, 26], "f": 19, "david": [19, 20], "kainz": [19, 20], "lolcub": [19, 20], "rsa1": 20, "ecdsa": [20, 37, 38], "opensshbin": 20, "decrypt": [20, 28], "private_key_format": 20, "pkcs1": [20, 29, 32, 33], "keypair": 20, "pkcs8": [20, 29, 32, 33], "conform": [20, 32, 33], "unknown": [20, 23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "therefor": 20, "1024": 20, "2048": [20, 27, 28, 32, 33], "suffici": 20, "fip": 20, "186": 20, "three": [20, 41, 42, 43, 46], "384": 20, "521": 20, "fix": 20, "id_ssh_rsa": 20, "super_secret_password": 20, "id_ssh_dsa": 20, "r4yczxihvjedh2olfjvgi6y5xaytdcwk8vxkyzvyyfm": 20, "aaaab3nza": 20, "vel4e3xcw": 20, "name_encod": [23, 24, 30, 40, 41, 44, 45, 46], "idna": [23, 24, 30, 40, 41, 44, 45, 46], "key1": [23, 30, 40, 44], "value1": [23, 30, 40, 44], "key2": [23, 30, 40, 44], "value2": [23, 30, 40, 44], "idna2008": [23, 24, 30, 40, 41, 44, 45, 46], "idna2003": [23, 24, 30, 40, 41, 44, 45, 46], "unicod": [23, 24, 30, 40, 41, 44, 45, 46], "alt": [23, 30, 40], "authority_cert_issu": [23, 24, 25, 26, 40, 41], "idn": [23, 24, 40, 41, 44, 45, 46], "handl": [23, 24, 40, 41, 44, 45, 46], "authority_cert_serial_numb": [23, 24, 25, 26, 40, 41], "hexadecim": [23, 24, 40, 41], "33": [23, 24, 25, 26, 30, 31, 32, 33, 34, 35, 36, 40, 41], "55": [23, 24, 25, 26, 40, 41], "66": [23, 24, 25, 26, 32, 33, 36, 40, 41], "77": [23, 24, 25, 26, 32, 33, 36, 40, 41], "88": [23, 24, 25, 26, 32, 33, 36, 40, 41], "99": [23, 24, 25, 26, 32, 33, 36, 40, 41], "aa": [23, 24, 25, 26, 30, 31, 34, 35, 40, 41], "bb": [23, 24, 25, 26, 40, 41], "cc": [23, 24, 25, 26, 32, 33, 36, 40, 41], "ee": [23, 24, 25, 26, 32, 33, 36, 40, 41], "pathlen": [23, 24, 40, 41], "extended_key_usag": [23, 24, 25, 26, 40, 41, 42], "biometr": [23, 24, 40, 41], "dvc": [23, 24, 40, 41, 42], "stamp": [23, 24, 40, 41], "extended_key_usage_crit": [23, 24, 25, 26, 40, 41], "extensions_by_oid": [23, 24, 40, 41, 42], "oid": [23, 24, 40, 41], "24": [23, 24, 32, 33, 36, 40, 41], "mamcaqu": [23, 24, 40, 41], "der": [23, 24, 40, 41, 44, 45, 46], "encipher": [23, 24, 25, 26, 40, 41, 42], "name_constraints_crit": [23, 24, 25, 26], "name_constraint": [23, 24], "name_constraints_exclud": [23, 24, 25, 26], "subtre": [23, 24, 25, 26], "name_constraints_permit": [23, 24, 25, 26], "somedomain": [23, 24, 25, 26], "ocsp_must_stapl": [23, 24, 25, 26, 40, 41], "ocsp": [23, 24, 25, 26, 40, 41], "stapl": [23, 24, 25, 26, 40, 41], "ocsp_must_staple_crit": [23, 24, 25, 26, 40, 41], "begin": [23, 24, 30, 31, 40, 41], "miicijanbgkqhkig9w0baqefaaocag8a": [23, 30, 40], "public_key_data": [23, 24, 40, 41], "ecc": [23, 24, 30, 31, 32, 33, 34, 35, 40, 41], "_valu": [23, 30, 34, 40], "public_key_typ": [23, 24, 40, 41], "expon": [23, 24, 30, 31, 34, 35, 40, 41], "exponent_s": [23, 24, 30, 31, 34, 35, 40, 41], "subgroup": [23, 24, 30, 31, 34, 35, 40, 41], "span": [23, 24, 30, 31, 34, 35, 40, 41], "prime": [23, 24, 30, 31, 34, 35, 40, 41], "modulu": [23, 24, 30, 31, 34, 35, 40, 41], "arithmet": [23, 24, 30, 31, 34, 35, 40, 41], "q": [23, 24, 30, 31, 34, 35, 40, 41], "divid": [23, 24, 30, 31, 34, 35, 40, 41], "coordin": [23, 24, 30, 31, 34, 35, 40, 41], "publicli": [23, 24, 30, 31, 34, 35, 40, 41], "whose": [23, 24, 30, 31, 34, 35, 40, 41, 43], "discret": [23, 24, 30, 31, 34, 35, 40, 41], "logarithm": [23, 24, 30, 31, 34, 35, 40, 41], "public_key_fingerprint": [23, 24, 30, 31, 40, 41], "comput": [23, 24, 30, 31, 34, 35, 40, 41], "d4": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "b3": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "6d": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "c8": [23, 24, 30, 31, 34, 35, 40, 41], "ce": [23, 24, 30, 31, 34, 35, 40, 41], "4e": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f6": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "29": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "4d": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "92": [23, 24, 30, 31, 34, 35, 40, 41], "a3": [23, 24, 30, 31, 34, 35, 40, 41], "b0": [23, 24, 30, 31, 34, 35, 40, 41], "c2": [23, 24, 30, 31, 34, 35, 40, 41], "bd": [23, 24, 30, 31, 34, 35, 40, 41], "bf": [23, 24, 30, 31, 34, 35, 40, 41], "43": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "0f": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "51": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "95": [23, 24, 30, 31, 34, 35, 40, 41], "2f": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "sha512": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f7": [23, 24, 30, 31, 34, 35, 40, 41], "f0": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "8b": [23, 24, 30, 31, 34, 35, 40, 41], "5f": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f9": [23, 24, 30, 31, 34, 35, 40, 41], "61": [23, 24, 30, 31, 34, 35, 40, 41], "0a": [23, 24, 30, 31, 34, 35, 40, 41], "68": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "f1": [23, 24, 30, 31, 32, 33, 34, 35, 36, 40, 41], "signature_valid": [23, 24], "repeat": [23, 24, 28, 40, 41, 44, 45, 46], "emailaddress": [23, 24, 25, 26, 40, 41], "subject_alt_name_crit": [23, 24, 25, 26, 40, 41], "subject_ord": [23, 24, 25, 26, 40, 41, 42], "tupl": [23, 24, 25, 26, 40, 41, 44, 45, 46], "interact": [24, 31, 35, 41, 42, 43], "remot": [24, 31, 35, 41, 42, 43, 45, 46], "load": [24, 29, 31, 35, 41], "variant": [24, 31, 35, 41, 45], "dump": [24, 28, 31, 35, 41], "nmiicijanbgkqhkig9w0baqefaaocag8a": [24, 31, 41], "yani": [24, 25, 26, 31, 32, 33, 36, 41, 42, 43], "guenan": [24, 25, 26, 31, 32, 33, 36, 41, 42, 43], "spredzi": [24, 25, 26, 31, 32, 33, 36, 41, 42, 43], "seem": [25, 26, 42], "overwrit": [25, 27, 32, 42], "keyusag": [25, 26], "extendedkeyusag": [25, 26], "basicconstraint": [25, 26], "That": [25, 26], "rid": [25, 26], "dirnam": [25, 26], "othernam": [25, 26], "ones": [25, 26, 27], "mostli": [25, 26], "hex": [25, 26], "colon": [25, 26], "overwrot": [25, 27, 28, 29, 32, 36, 42, 46], "accid": [25, 27, 28, 29, 32, 36, 42, 46], "basicconstraints_crit": [25, 26], "country_nam": [25, 26], "c": [25, 26], "countrynam": [25, 26], "create_subject_key_identifi": [25, 26], "crl_distribution_point": [25, 26], "distribut": [25, 26], "crl_issuer": [25, 26], "full_nam": [25, 26], "relative_nam": [25, 26], "key_compromis": [25, 26, 44, 45, 46], "ca_compromis": [25, 26, 44, 45, 46], "affiliation_chang": [25, 26, 44, 45, 46], "cessation_of_oper": [25, 26, 44, 45, 46], "certificate_hold": [25, 26, 44, 45, 46], "privilege_withdrawn": [25, 26, 44, 45, 46], "aa_compromis": [25, 26, 44, 45, 46], "email_address": [25, 26], "extkeyusag": [25, 26], "extkeyusage_crit": [25, 26], "extendedkeyusage_crit": [25, 26], "keyusage_crit": [25, 26], "locality_nam": [25, 26], "localitynam": [25, 26], "ocspmuststapl": [25, 26], "rfc7633": [25, 26], "ocspmuststaple_crit": [25, 26], "reject": [25, 26], "organizationnam": [25, 26, 40, 41, 44, 45, 46], "organizational_unit_nam": [25, 26], "organizationalunitnam": [25, 26], "privatekey_cont": [25, 26, 28, 36, 38, 42, 43, 46], "return_cont": [25, 27, 28, 32, 36, 42, 46], "state_or_province_nam": [25, 26], "st": [25, 26], "stateorprovincenam": [25, 26], "compon": [25, 26, 46], "subjectaltname_crit": [25, 26], "row": [25, 26, 46], "usecommonnameforsan": [25, 26], "fill": [25, 26], "2986": [25, 26], "unsupport": [25, 26], "inlin": [25, 26, 36, 43], "fr": 25, "dynam": 25, "with_dict": 25, "dns_server": 25, "special": 25, "digitalsignatur": [25, 26], "keyagr": [25, 26], "clientauth": [25, 26], "winrm": 25, "auth": 25, "311": 25, "utf8": 25, "pathlenconstraint": [25, 26], "privatekei": [25, 26, 28, 29, 32, 33, 36, 46], "dh": 27, "param": 27, "detect": [27, 28], "Or": 27, "dhparam": 27, "thom": 27, "wigger": 27, "thomwigg": 27, "pyopenssl": 28, "iter_s": 28, "maciter_s": 28, "export": [28, 29, 32, 33], "certificate_path": [28, 37, 38], "encryption_level": 28, "compatibility2022": 28, "softwar": 28, "38": [28, 32, 33, 36], "friendly_nam": 28, "friendli": 28, "50000": 28, "other_certif": 28, "ca_certif": 28, "other_certificates_parse_al": 28, "pkcs12": 28, "mechan": 28, "safe": 28, "addition": 28, "backward": 28, "opt": 28, "p12": 28, "raclett": 28, "ca_bundl": 28, "bundl": [28, 39], "0600": [28, 29, 32], "regen": 28, "guillaum": 28, "delpierr": 28, "gdelpierr": 28, "dest_passphras": 29, "dest_path": 29, "src_content": 29, "src_path": 29, "src_passphras": 29, "return_private_key_data": [30, 31], "private_data": [30, 31], "public_data": [30, 31, 34, 35], "fake": 31, "key_is_consist": 31, "check_consist": 31, "potenti": 31, "side": 31, "attack": 31, "machin": [31, 42, 43], "can_load_kei": 31, "can_parse_kei": 31, "eddsa": [32, 33], "particular": 32, "maxim": [32, 33], "interoper": [32, 33], "secp384r1": [32, 33], "secp256r1": [32, 33], "iana": [32, 33], "registri": [32, 33], "secp224r1": [32, 33], "secp256k1": [32, 33], "secp521r1": [32, 33], "discourag": [32, 33], "secp192r1": [32, 33], "brainpoolp256r1": [32, 33], "brainpoolp384r1": [32, 33], "brainpoolp512r1": [32, 33], "sect163k1": [32, 33], "sect163r2": [32, 33], "sect233k1": [32, 33], "sect233r1": [32, 33], "sect283k1": [32, 33], "sect283r1": [32, 33], "sect409k1": [32, 33], "sect409r1": [32, 33], "sect571k1": [32, 33], "sect571r1": [32, 33], "tradit": [32, 33], "auto_ignor": [32, 33], "mismatch": [32, 33], "format_mismatch": [32, 33], "everyth": [32, 33, 46], "treat": [32, 41, 46], "appropri": 32, "care": 32, "shown": 32, "reference_appendic": 32, "faq": 32, "minim": [32, 33], "hashlib": [32, 33, 36], "md5": [32, 33, 36], "84": [32, 33, 36], "72": [32, 33, 36], "8d": [32, 33, 36], "b5": [32, 33, 36], "6c": [32, 33, 36], "37": [32, 33, 36], "83": [32, 33, 36], "f5": [32, 33, 36], "4c": [32, 33, 36], "sha1": [32, 33, 36], "7c": [32, 33, 36], "5d": [32, 33, 36], "eb": [32, 33, 36], "41": [32, 33, 36], "7e": [32, 33, 36], "1a": [32, 33, 36], "c7": [32, 33, 36], "f8": [32, 33, 36], "sha224": [32, 33, 36], "19": [32, 33, 36], "ac": [32, 33, 36], "ed": [32, 33, 36], "18": [32, 33, 36, 42, 43], "50": [32, 33, 36], "d3": [32, 33, 36], "06": [32, 33, 36, 42, 43], "5c": [32, 33, 36], "b2": [32, 33, 36], "91": [32, 33, 36], "52": [32, 33, 36], "8c": [32, 33, 36], "cb": [32, 33, 36], "d5": [32, 33, 36], "e9": [32, 33, 36], "9b": [32, 33, 36], "46": [32, 33, 36], "ab": [32, 33, 36], "70": [32, 33, 36], "cf": [32, 33, 36], "76": [32, 33, 36], "4f": [32, 33, 36], "57": [32, 33, 36], "6e": [32, 33, 36], "97": [32, 33, 36], "df": [32, 33, 36], "de": [32, 33, 36], "sha384": [32, 33, 36], "d9": [32, 33, 36], "40": [32, 33, 36], "59": [32, 33, 36], "c3": [32, 33, 36], "a2": [32, 33, 36], "e4": [32, 33, 36], "0b": [32, 33, 36], "1c": [32, 33, 36], "0c": [32, 33, 36], "9e": [32, 33, 36], "af": [32, 33, 36], "da": [32, 33, 36], "2e": [32, 33, 36], "c0": [32, 33, 36], "9a": [32, 33, 36], "3a": [32, 33, 36], "3d": [32, 33, 36], "fd": [32, 33, 36], "5e": [32, 33, 36], "48": [32, 33, 36], "9f": [32, 33, 36], "fe": [32, 33, 36], "7f": [32, 33, 36], "3f": [32, 33, 36], "cd": [32, 33, 36], "a5": [32, 33, 36], "e7": [32, 33, 36], "13": [32, 33, 36, 46], "82": [32, 33, 36], "87": [32, 33, 36], "1f": [32, 33, 36], "28": [32, 33, 36], "53": [32, 33, 36], "86": [32, 33, 36], "69": [32, 33, 36], "35": [32, 33, 36], "1e": [32, 33, 36], "consol": 33, "relat": 33, "content_base64": 33, "return_current_kei": 33, "value_specified_in_no_log_paramet": 33, "async": 33, "reveal": 33, "TO": 33, "OR": 33, "IN": 33, "mozilla": 33, "sop": 33, "sops_encrypt": 33, "content_text": 33, "overwritten": 33, "set_fact": 33, "publickei": 36, "certificate_cont": [37, 43], "example_fil": [37, 38], "sig": [37, 38], "patrick": [37, 38], "pichler": [37, 38], "aveexi": [37, 38], "marku": [37, 38, 41, 42, 43], "teufelberg": [37, 38, 41, 42, 43], "markusteufelberg": [37, 38, 41, 42, 43], "word": [40, 41, 45], "whole": [40, 41], "issuer_ord": [40, 41, 44, 45, 46], "issuer_uri": [40, 41], "20190413202428z": [40, 41, 42, 44, 45, 46], "20190331202428z": [40, 41, 42, 46], "ocsp_uri": [40, 41], "respond": [40, 41], "1234": [40, 41, 44, 45, 46], "sha256withrsaencrypt": [40, 41, 42, 44, 45, 46], "openssl_certificate_info": 41, "short": [41, 42], "redirect": [41, 42], "fqcn": [41, 42], "dict": 41, "pattern": [41, 42, 43, 45, 46], "yyyymmddhhmmssz": [41, 42, 43, 45, 46], "csr_path": [41, 42, 43], "tomorrow": 41, "point_1": 41, "point_2": 41, "3w": 41, "notion": [42, 43], "openssl_certif": 42, "intend": [42, 43], "tini": 42, "acme_accountkey_path": 42, "accountkei": 42, "acme_chain": 42, "acme_challenge_path": 42, "3chost": 42, "3e": 42, "80": 42, "job": 42, "entrust_cert_typ": [42, 43], "entrust_not_aft": [42, 43], "stop": [42, 43], "365": [42, 43], "cover": [42, 43], "entrust_requester_email": [42, 43], "entrust_requester_nam": [42, 43], "entrust_requester_phon": [42, 43], "better": [42, 43], "ownca_cont": [42, 43], "ownca_create_authority_key_identifi": [42, 43], "ownca_create_subject_key_identifi": [42, 43], "ski": [42, 43], "create_if_not_provid": [42, 43], "always_cr": [42, 43], "never_cr": [42, 43], "ownca_digest": [42, 43], "On": [42, 43], "maco": [42, 43], "onward": [42, 43], "825": [42, 43], "appl": [42, 43], "en": [42, 43], "ht210176": [42, 43], "3650d": [42, 43], "ownca_privatekey_cont": [42, 43], "resp": [42, 43], "ownca_vers": [42, 43], "nowadai": [42, 43], "almost": [42, 43], "emul": 42, "selfsigned_create_subject_key_identifi": [42, 43], "selfsigned_digest": [42, 43], "selfsigned_notaft": [42, 43], "selfsigned_notbefor": [42, 43], "selfsigned_vers": [42, 43], "minut": [42, 43, 46], "mandatori": [42, 43, 46], "dedic": [42, 43], "onc": [42, 43, 46], "ansible_ca": 42, "assertonli": 42, "invalid_at": 42, "valid_in": 42, "one_day_ten_hour": 42, "1d10h": 42, "fixed_timestamp": 42, "20200331202428z": 42, "ten_second": 42, "result_csr": 42, "result_privatekei": 42, "sha512withrsaencrypt": 42, "subject_strict": 42, "issuer_strict": 42, "has_expir": 42, "key_usage_strict": 42, "extended_key_usage_strict": 42, "subject_alt_name_strict": 42, "ownca_cert": 43, "ownca_privatekei": 43, "hunter2": 43, "the_csr": 43, "list_revoked_certif": [44, 45], "larg": [44, 45], "enumer": [44, 45], "last_upd": [44, 45, 46], "next_upd": [44, 45, 46], "revoked_certif": [44, 45, 46], "invalidity_d": [44, 45, 46], "suspect": [44, 45, 46], "compromis": [44, 45, 46], "becam": [44, 45, 46], "invalidity_date_crit": [44, 45, 46], "issuer_crit": [44, 45, 46], "remove_from_crl": [44, 45, 46], "reason_crit": [44, 45, 46], "revocation_d": [44, 45, 46], "crl_mode": 46, "interest": 46, "collis": 46, "combin": 46, "2345": 46, "20191013152910z": 46, "20191001000000z": 46, "20191010010203z": 46}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"commun": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "crypto": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "acme_account_fact": 0, "acme_account_info": 1, "modul": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 17, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "retriev": [1, 8, 15, 16, 23, 30, 34, 40, 44, 45], "inform": [1, 23, 24, 30, 31, 34, 35, 40, 41, 44, 45], "acm": [1, 2, 3, 4, 5, 6], "account": [1, 2], "synopsi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "requir": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "paramet": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46], "attribut": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 18, 19, 20, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 41, 42, 43, 45, 46], "note": [1, 2, 3, 4, 6, 11, 12, 14, 20, 25, 26, 37, 38, 41, 42, 43, 45, 46], "see": [1, 2, 3, 4, 5, 6, 11, 12, 15, 16, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45], "also": [1, 2, 3, 4, 5, 6, 11, 12, 15, 16, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45], "exampl": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "return": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "valu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "author": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "collect": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "link": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 18, 19, 20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], "acme_account": 2, "creat": [2, 3, 9, 10], "modifi": 2, "delet": 2, "acme_certif": 3, "ssl": [3, 11], "tl": [3, 5, 11], "certif": [3, 4, 5, 7, 9, 10, 11, 12, 14, 19, 23, 24, 25, 26, 40, 41, 42, 43, 45, 46], "protocol": [3, 4], "acme_certificate_revok": 4, "revok": 4, "acme_challenge_cert_help": 5, "prepar": 5, "challeng": 5, "alpn": 5, "01": 5, "acme_inspect": 6, "send": 6, "direct": 6, "request": [6, 11, 12, 23, 24, 25, 26], "an": [6, 36], "server": 6, "certificate_complete_chain": 7, "complet": 7, "chain": 7, "given": 7, "set": [7, 9], "untrust": 7, "root": 7, "crypto_info": 8, "cryptograph": 8, "capabl": 8, "how": [9, 10], "small": 9, "ca": 9, "up": 9, "us": 9, "sign": [9, 10, 23, 24, 25, 26, 38], "self": 10, "ecs_certif": 11, "entrust": [11, 12], "servic": [11, 12], "ec": [11, 12], "api": [11, 12], "ecs_domain": 12, "valid": 12, "domain": 12, "index": [13, 17], "all": 13, "environ": 13, "variabl": 13, "get_certif": 14, "get": 14, "from": [14, 15, 16, 23, 30, 34, 36, 40, 44], "host": [14, 19], "port": 14, "gpg_fingerprint": [15, 16], "filter": [15, 17, 23, 30, 34, 39, 40, 44], "gpg": [15, 16], "fingerprint": [15, 16], "public": [15, 16, 20, 34, 35, 36], "privat": [15, 16, 20, 29, 30, 31, 32, 33, 36], "kei": [15, 16, 20, 29, 30, 31, 32, 33, 34, 35, 36], "input": [15, 23, 30, 34, 39, 40, 44], "lookup": [16, 17], "file": [16, 39], "term": 16, "descript": 17, "scenario": 17, "guid": 17, "plugin": 17, "luks_devic": 18, "manag": 18, "encrypt": 18, "luk": 18, "devic": 18, "openssh_cert": 19, "gener": [19, 20, 25, 26, 27, 28, 32, 33, 36, 42, 43, 46], "openssh": [19, 20], "user": 19, "openssh_keypair": 20, "openssl_certificate_info": 21, "openssl_certif": 22, "openssl_csr_info": [23, 24], "openssl": [23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 41, 42, 43], "csr": [23, 24, 25, 26], "keyword": [23, 30, 40, 44], "provid": [24, 31, 35, 41], "openssl_csr": 25, "openssl_csr_pip": 26, "openssl_dhparam": 27, "diffi": 27, "hellman": 27, "openssl_pkcs12": 28, "pkc": 28, "12": 28, "archiv": 28, "openssl_privatekey_convert": 29, "convert": 29, "openssl_privatekey_info": [30, 31], "openssl_privatekei": 32, "openssl_privatekey_pip": 33, "without": 33, "disk": 33, "access": 33, "openssl_publickey_info": [34, 35], "pem": [34, 39, 40, 44], "format": [34, 40, 44], "openssl_publickei": 36, "its": 36, "openssl_signature_info": 37, "verifi": 37, "signatur": 37, "openssl_signatur": 38, "data": 38, "split_pem": 39, "split": 39, "content": 39, "multipl": 39, "object": 39, "x509_certificate_info": [40, 41], "x": [40, 41, 44], "509": [40, 41, 44], "x509_certif": 42, "check": [42, 43], "x509_certificate_pip": 43, "x509_crl_info": [44, 45], "crl": [44, 45, 46], "revoc": [45, 46], "list": [45, 46], "x509_crl": 46}, "envversion": {"sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx": 60}, "alltitles": {"community.crypto.acme_account_facts": [[0, "community-crypto-acme-account-facts"]], "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts": [[1, "community-crypto-acme-account-info-module-retrieves-information-on-acme-accounts"]], "Synopsis": [[1, "synopsis"], [2, "synopsis"], [3, "synopsis"], [4, "synopsis"], [5, "synopsis"], [6, "synopsis"], [7, "synopsis"], [8, "synopsis"], [11, "synopsis"], [12, "synopsis"], [14, "synopsis"], [15, "synopsis"], [16, "synopsis"], [18, "synopsis"], [19, "synopsis"], [20, "synopsis"], [23, "synopsis"], [24, "synopsis"], [25, "synopsis"], [26, "synopsis"], [27, "synopsis"], [28, "synopsis"], [29, "synopsis"], [30, "synopsis"], [31, "synopsis"], [32, "synopsis"], [33, "synopsis"], [34, "synopsis"], [35, "synopsis"], [36, "synopsis"], [37, "synopsis"], [38, "synopsis"], [39, "synopsis"], [40, "synopsis"], [41, "synopsis"], [42, "synopsis"], [43, "synopsis"], [44, "synopsis"], [45, "synopsis"], [46, "synopsis"]], "Requirements": [[1, "requirements"], [2, "requirements"], [3, "requirements"], [4, "requirements"], [5, "requirements"], [6, "requirements"], [7, "requirements"], [11, "requirements"], [12, "requirements"], [14, "requirements"], [15, "requirements"], [16, "requirements"], [18, "requirements"], [19, "requirements"], [20, "requirements"], [23, "requirements"], [24, "requirements"], [25, "requirements"], [26, "requirements"], [27, "requirements"], [28, "requirements"], [29, "requirements"], [30, "requirements"], [31, "requirements"], [32, "requirements"], [33, "requirements"], [35, "requirements"], [36, "requirements"], [37, "requirements"], [38, "requirements"], [40, "requirements"], [41, "requirements"], [42, "requirements"], [43, "requirements"], [44, "requirements"], [45, "requirements"], [46, "requirements"]], "Parameters": [[1, "parameters"], [2, "parameters"], [3, "parameters"], [4, "parameters"], [5, "parameters"], [6, "parameters"], [7, "parameters"], [11, "parameters"], [12, "parameters"], [14, "parameters"], [18, "parameters"], [19, "parameters"], [20, "parameters"], [24, "parameters"], [25, "parameters"], [26, "parameters"], [27, "parameters"], [28, "parameters"], [29, "parameters"], [31, "parameters"], [32, "parameters"], [33, "parameters"], [35, "parameters"], [36, "parameters"], [37, "parameters"], [38, "parameters"], [41, "parameters"], [42, "parameters"], [43, "parameters"], [45, "parameters"], [46, "parameters"]], "Attributes": [[1, "attributes"], [2, "attributes"], [3, "attributes"], [4, "attributes"], [5, "attributes"], [6, "attributes"], [7, "attributes"], [8, "attributes"], [11, "attributes"], [12, "attributes"], [14, "attributes"], [18, "attributes"], [19, "attributes"], [20, "attributes"], [24, "attributes"], [25, "attributes"], [26, "attributes"], [27, "attributes"], [28, "attributes"], [29, "attributes"], [31, "attributes"], [32, "attributes"], [33, "attributes"], [35, "attributes"], [36, "attributes"], [37, "attributes"], [38, "attributes"], [41, "attributes"], [42, "attributes"], [43, "attributes"], [45, "attributes"], [46, "attributes"]], "Notes": [[1, "notes"], [2, "notes"], [3, "notes"], [4, "notes"], [6, "notes"], [11, "notes"], [12, "notes"], [14, "notes"], [20, "notes"], [25, "notes"], [26, "notes"], [37, "notes"], [38, "notes"], [41, "notes"], [42, "notes"], [43, "notes"], [45, "notes"], [46, "notes"]], "See Also": [[1, "see-also"], [2, "see-also"], [3, "see-also"], [4, "see-also"], [5, "see-also"], [6, "see-also"], [11, "see-also"], [12, "see-also"], [15, "see-also"], [16, "see-also"], [23, "see-also"], [24, "see-also"], [25, "see-also"], [26, "see-also"], [27, "see-also"], [28, "see-also"], [29, "see-also"], [30, "see-also"], [31, "see-also"], [32, "see-also"], [33, "see-also"], [34, "see-also"], [35, "see-also"], [36, "see-also"], [37, "see-also"], [38, "see-also"], [40, "see-also"], [41, "see-also"], [42, "see-also"], [43, "see-also"], [44, "see-also"], [45, "see-also"]], "Examples": [[1, "examples"], [2, "examples"], [3, "examples"], [4, "examples"], [5, "examples"], [6, "examples"], [7, "examples"], [8, "examples"], [11, "examples"], [12, "examples"], [14, "examples"], [15, "examples"], [16, "examples"], [18, "examples"], [19, "examples"], [20, "examples"], [23, "examples"], [24, "examples"], [25, "examples"], [26, "examples"], [27, "examples"], [28, "examples"], [29, "examples"], [30, "examples"], [31, "examples"], [32, "examples"], [33, "examples"], [34, "examples"], [35, "examples"], [36, "examples"], [37, "examples"], [38, "examples"], [39, "examples"], [40, "examples"], [41, "examples"], [42, "examples"], [43, "examples"], [44, "examples"], [45, "examples"], [46, "examples"]], "Return Values": [[1, "return-values"], [2, "return-values"], [3, "return-values"], [5, "return-values"], [6, "return-values"], [7, "return-values"], [8, "return-values"], [11, "return-values"], [12, "return-values"], [14, "return-values"], [18, "return-values"], [19, "return-values"], [20, "return-values"], [24, "return-values"], [25, "return-values"], [26, "return-values"], [27, "return-values"], [28, "return-values"], [29, "return-values"], [31, "return-values"], [32, "return-values"], [33, "return-values"], [35, "return-values"], [36, "return-values"], [37, "return-values"], [38, "return-values"], [41, "return-values"], [42, "return-values"], [43, "return-values"], [45, "return-values"], [46, "return-values"]], "Authors": [[1, "authors"], [2, "authors"], [3, "authors"], [4, "authors"], [5, "authors"], [6, "authors"], [7, "authors"], [8, "authors"], [11, "authors"], [12, "authors"], [14, "authors"], [15, "authors"], [16, "authors"], [18, "authors"], [19, "authors"], [20, "authors"], [23, "authors"], [24, "authors"], [25, "authors"], [26, "authors"], [27, "authors"], [28, "authors"], [29, "authors"], [30, "authors"], [31, "authors"], [32, "authors"], [33, "authors"], [34, "authors"], [35, "authors"], [36, "authors"], [37, "authors"], [38, "authors"], [39, "authors"], [40, "authors"], [41, "authors"], [42, "authors"], [43, "authors"], [44, "authors"], [45, "authors"], [46, "authors"]], "Collection links": [[1, "collection-links"], [2, "collection-links"], [3, "collection-links"], [4, "collection-links"], [5, "collection-links"], [6, "collection-links"], [7, "collection-links"], [8, "collection-links"], [11, "collection-links"], [12, "collection-links"], [14, "collection-links"], [15, "collection-links"], [16, "collection-links"], [18, "collection-links"], [19, "collection-links"], [20, "collection-links"], [23, "collection-links"], [24, "collection-links"], [25, "collection-links"], [26, "collection-links"], [27, "collection-links"], [28, "collection-links"], [29, "collection-links"], [30, "collection-links"], [31, "collection-links"], [32, "collection-links"], [33, "collection-links"], [34, "collection-links"], [35, "collection-links"], [36, "collection-links"], [37, "collection-links"], [38, "collection-links"], [39, "collection-links"], [40, "collection-links"], [41, "collection-links"], [42, "collection-links"], [43, "collection-links"], [44, "collection-links"], [45, "collection-links"], [46, "collection-links"]], "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts": [[2, "community-crypto-acme-account-module-create-modify-or-delete-acme-accounts"]], "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol": [[3, "community-crypto-acme-certificate-module-create-ssl-tls-certificates-with-the-acme-protocol"]], "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol": [[4, "community-crypto-acme-certificate-revoke-module-revoke-certificates-with-the-acme-protocol"]], "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01": [[5, "community-crypto-acme-challenge-cert-helper-module-prepare-certificates-required-for-acme-challenges-such-as-tls-alpn-01"]], "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server": [[6, "community-crypto-acme-inspect-module-send-direct-requests-to-an-acme-server"]], "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates": [[7, "community-crypto-certificate-complete-chain-module-complete-certificate-chain-given-a-set-of-untrusted-and-root-certificates"]], "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities": [[8, "community-crypto-crypto-info-module-retrieve-cryptographic-capabilities"]], "How to create a small CA": [[9, "how-to-create-a-small-ca"]], "Set up the CA": [[9, "set-up-the-ca"]], "Use the CA to sign a certificate": [[9, "use-the-ca-to-sign-a-certificate"]], "How to create self-signed certificates": [[10, "how-to-create-self-signed-certificates"]], "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API": [[11, "community-crypto-ecs-certificate-module-request-ssl-tls-certificates-with-the-entrust-certificate-services-ecs-api"]], "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API": [[12, "community-crypto-ecs-domain-module-request-validation-of-a-domain-with-the-entrust-certificate-services-ecs-api"]], "Index of all Collection Environment Variables": [[13, "index-of-all-collection-environment-variables"]], "community.crypto.get_certificate module \u2013 Get a certificate from a host:port": [[14, "community-crypto-get-certificate-module-get-a-certificate-from-a-host-port"]], "community.crypto.gpg_fingerprint filter \u2013 Retrieve a GPG fingerprint from a GPG public or private key": [[15, "community-crypto-gpg-fingerprint-filter-retrieve-a-gpg-fingerprint-from-a-gpg-public-or-private-key"]], "Input": [[15, "input"], [23, "input"], [30, "input"], [34, "input"], [39, "input"], [40, "input"], [44, "input"]], "Return Value": [[15, "return-value"], [16, "return-value"], [23, "return-value"], [30, "return-value"], [34, "return-value"], [39, "return-value"], [40, "return-value"], [44, "return-value"]], "community.crypto.gpg_fingerprint lookup \u2013 Retrieve a GPG fingerprint from a GPG public or private key file": [[16, "community-crypto-gpg-fingerprint-lookup-retrieve-a-gpg-fingerprint-from-a-gpg-public-or-private-key-file"]], "Terms": [[16, "terms"]], "Community.Crypto": [[17, "community-crypto"]], "Description": [[17, "description"]], "Communication": [[17, "communication"]], "Scenario Guides": [[17, "scenario-guides"]], "Plugin Index": [[17, "plugin-index"]], "Modules": [[17, "modules"]], "Filter Plugins": [[17, "filter-plugins"]], "Lookup Plugins": [[17, "lookup-plugins"]], "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices": [[18, "community-crypto-luks-device-module-manage-encrypted-luks-devices"]], "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.": [[19, "community-crypto-openssh-cert-module-generate-openssh-host-or-user-certificates"]], "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys": [[20, "community-crypto-openssh-keypair-module-generate-openssh-private-and-public-keys"]], "community.crypto.openssl_certificate_info": [[21, "community-crypto-openssl-certificate-info"]], "community.crypto.openssl_certificate": [[22, "community-crypto-openssl-certificate"]], "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)": [[23, "community-crypto-openssl-csr-info-filter-retrieve-information-from-openssl-certificate-signing-requests-csr"]], "Keyword parameters": [[23, "keyword-parameters"], [30, "keyword-parameters"], [40, "keyword-parameters"], [44, "keyword-parameters"]], "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)": [[24, "community-crypto-openssl-csr-info-module-provide-information-of-openssl-certificate-signing-requests-csr"]], "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[25, "community-crypto-openssl-csr-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[26, "community-crypto-openssl-csr-pipe-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters": [[27, "community-crypto-openssl-dhparam-module-generate-openssl-diffie-hellman-parameters"]], "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive": [[28, "community-crypto-openssl-pkcs12-module-generate-openssl-pkcs-12-archive"]], "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys": [[29, "community-crypto-openssl-privatekey-convert-module-convert-openssl-private-keys"]], "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys": [[30, "community-crypto-openssl-privatekey-info-filter-retrieve-information-from-openssl-private-keys"]], "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys": [[31, "community-crypto-openssl-privatekey-info-module-provide-information-for-openssl-private-keys"]], "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys": [[32, "community-crypto-openssl-privatekey-module-generate-openssl-private-keys"]], "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access": [[33, "community-crypto-openssl-privatekey-pipe-module-generate-openssl-private-keys-without-disk-access"]], "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format": [[34, "community-crypto-openssl-publickey-info-filter-retrieve-information-from-openssl-public-keys-in-pem-format"]], "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys": [[35, "community-crypto-openssl-publickey-info-module-provide-information-for-openssl-public-keys"]], "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.": [[36, "community-crypto-openssl-publickey-module-generate-an-openssl-public-key-from-its-private-key"]], "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl": [[37, "community-crypto-openssl-signature-info-module-verify-signatures-with-openssl"]], "community.crypto.openssl_signature module \u2013 Sign data with openssl": [[38, "community-crypto-openssl-signature-module-sign-data-with-openssl"]], "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects": [[39, "community-crypto-split-pem-filter-split-pem-file-contents-into-multiple-objects"]], "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format": [[40, "community-crypto-x509-certificate-info-filter-retrieve-information-from-x-509-certificates-in-pem-format"]], "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates": [[41, "community-crypto-x509-certificate-info-module-provide-information-of-openssl-x-509-certificates"]], "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates": [[42, "community-crypto-x509-certificate-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates": [[43, "community-crypto-x509-certificate-pipe-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format": [[44, "community-crypto-x509-crl-info-filter-retrieve-information-from-x-509-crls-in-pem-format"]], "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)": [[45, "community-crypto-x509-crl-info-module-retrieve-information-on-certificate-revocation-lists-crls"]], "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)": [[46, "community-crypto-x509-crl-module-generate-certificate-revocation-lists-crls"]]}, "indexentries": {}}) \ No newline at end of file diff --git a/branch/main/split_pem_filter.html b/branch/main/split_pem_filter.html index dae9ec68..4a740bcf 100644 --- a/branch/main/split_pem_filter.html +++ b/branch/main/split_pem_filter.html @@ -2,6 +2,7 @@ + community.crypto.split_pem filter – Split PEM file contents into multiple objects — Community.Crypto Collection documentation @@ -168,6 +169,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto.

        To use it in a playbook, specify: community.crypto.split_pem.

        @@ -189,7 +192,7 @@

        Input

        This describes the input of the filter, the value before | community.crypto.split_pem.

        -

        Key

        Description

        Base64 encoded signature.

        -

        Returned: success

        +

        Returned: success
        +
        @@ -218,7 +221,7 @@

        Return Value

        -

        Parameter

        Comments

        +
        @@ -230,7 +233,7 @@

        list / elements=string

         @@ -247,13 +250,14 @@ + + diff --git a/branch/main/x509_certificate_info_filter.html b/branch/main/x509_certificate_info_filter.html index eca14b01..7e87d818 100644 --- a/branch/main/x509_certificate_info_filter.html +++ b/branch/main/x509_certificate_info_filter.html @@ -2,6 +2,7 @@ + community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Input

        This describes the input of the filter, the value before | community.crypto.x509_certificate_info.

        -

        Key

        Description

        A list of PEM file contents.

        -

        Returned: success

        +

        Returned: success
        +
        @@ -226,7 +229,7 @@ see Keyword parameters

        This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | community.crypto.x509_certificate_info(key1=value1, key2=value2, ...)

        -

        Parameter

        Comments

        +
        @@ -242,9 +245,9 @@ example: inputidna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -279,7 +282,7 @@ example: input

        Return Value

        -

        Parameter

        Comments

        +
        @@ -291,7 +294,7 @@ example: input

        dictionary

         @@ -702,13 +705,14 @@ example: input + + diff --git a/branch/main/x509_certificate_info_module.html b/branch/main/x509_certificate_info_module.html index 99044ca5..d40e768b 100644 --- a/branch/main/x509_certificate_info_module.html +++ b/branch/main/x509_certificate_info_module.html @@ -2,6 +2,7 @@ + community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -207,7 +210,7 @@ see

        Parameters

        -

        Key

        Description

        Information on the certificate.

        -

        Returned: success

        +

        Returned: success
        @@ -301,8 +304,8 @@ example: input

        The certificate’s authority cert issuer as a list of general names.

        Is none if the AuthorityKeyIdentifier extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]
        @@ -311,8 +314,8 @@ example: input

        The certificate’s authority cert serial number.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: 12345

        +

        Returned: success

        +

        Sample: 12345
        @@ -322,8 +325,8 @@ example: input

        The certificate’s authority key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -331,8 +334,8 @@ example: input

        list / elements=string

        Entries in the basic_constraints extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["CA:TRUE", "pathlen:1"]

        +

        Returned: success

        +

        Sample: ["CA:TRUE", "pathlen:1"]
        @@ -340,7 +343,7 @@ example: input

        boolean

        Whether the basic_constraints extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -348,7 +351,7 @@ example: input

        boolean

        Whether the certificate is expired (in other words, notAfter is in the past).

        -

        Returned: success

        +

        Returned: success
        @@ -356,8 +359,8 @@ example: input

        list / elements=string

        Entries in the extended_key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]

        +

        Returned: success

        +

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]
        @@ -365,7 +368,7 @@ example: input

        boolean

        Whether the extended_key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -373,8 +376,8 @@ example: input

        dictionary

        Returns a dictionary for every extension OID.

        -

        Returned: success

        -

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}

        +

        Returned: success

        +

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}
        @@ -382,7 +385,7 @@ example: input

        boolean

        Whether the extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -391,8 +394,8 @@ example: input

        The Base64 encoded value (in DER format) of the extension.

        Note that depending on the cryptography version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by cryptography. This should usually result in exactly the same value, except if the original extension value was malformed.

        -

        Returned: success

        -

        Sample: "MAMCAQU="

        +

        Returned: success

        +

        Sample: "MAMCAQU="
        @@ -401,8 +404,8 @@ example: input

        Fingerprints of the DER-encoded form of the whole certificate.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -411,8 +414,8 @@ example: input

        The certificate’s issuer.

        Note that for repeated values, only the last one will be returned.

        -

        Returned: success

        -

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

        +

        Returned: success

        +

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}
        @@ -420,8 +423,8 @@ example: input

        list / elements=list

        The certificate’s issuer as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]

        +

        Returned: success

        +

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]
        @@ -429,7 +432,7 @@ example: input

        string

        The Issuer URI, if included in the certificate. Will be none if no issuer URI is included.

        -

        Returned: success

        +

        Returned: success
        @@ -437,8 +440,8 @@ example: input

        string

        Entries in the key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: "['Key Agreement', 'Data Encipherment']"

        +

        Returned: success

        +

        Sample: "['Key Agreement', 'Data Encipherment']"
        @@ -446,7 +449,7 @@ example: input

        boolean

        Whether the key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -454,8 +457,8 @@ example: input

        string

        notAfter date as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -463,8 +466,8 @@ example: input

        string

        notBefore date as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190331202428Z"

        +

        Returned: success

        +

        Sample: "20190331202428Z"
        @@ -472,7 +475,7 @@ example: input

        boolean

        true if the OCSP Must Staple extension is present, none otherwise.

        -

        Returned: success

        +

        Returned: success
        @@ -480,7 +483,7 @@ example: input

        boolean

        Whether the ocsp_must_staple extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -488,7 +491,7 @@ example: input

        string

        The OCSP responder URI, if included in the certificate. Will be none if no OCSP responder URI is included.

        -

        Returned: success

        +

        Returned: success
        @@ -496,8 +499,8 @@ example: input

        string

        Certificate’s public key in PEM format.

        -

        Returned: success

        -

        Sample: "-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        +

        Returned: success

        +

        Sample: "-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."
        @@ -505,7 +508,7 @@ example: input

        dictionary

        Public key data. Depends on the public key’s type.

        -

        Returned: success

        +

        Returned: success
        @@ -513,7 +516,7 @@ example: input

        string

        The curve’s name for ECC.

        -

        Returned: When _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=ECC
        @@ -521,7 +524,7 @@ example: input

        integer

        The RSA key’s public exponent.

        -

        Returned: When _value.public_key_type=RSA

        +

        Returned: When _value.public_key_type=RSA
        @@ -529,7 +532,7 @@ example: input

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=ECC
        @@ -538,7 +541,7 @@ example: input

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=DSA
        @@ -546,7 +549,7 @@ example: input

        integer

        The RSA key’s modulus.

        -

        Returned: When _value.public_key_type=RSA

        +

        Returned: When _value.public_key_type=RSA
        @@ -555,7 +558,7 @@ example: input

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=DSA
        @@ -564,7 +567,7 @@ example: input

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=DSA
        @@ -572,7 +575,7 @@ example: input

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When _value.public_key_type=RSA or _value.public_key_type=DSA

        +

        Returned: When _value.public_key_type=RSA or _value.public_key_type=DSA
        @@ -580,7 +583,7 @@ example: input

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=ECC
        @@ -589,7 +592,7 @@ example: input

        For _value.public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For _value.public_key_type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

        -

        Returned: When _value.public_key_type=DSA or _value.public_key_type=ECC

        +

        Returned: When _value.public_key_type=DSA or _value.public_key_type=ECC
        @@ -598,8 +601,8 @@ example: input

        Fingerprints of certificate’s public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -609,8 +612,8 @@ example: input

        The certificate’s public key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        @@ -618,8 +621,8 @@ example: input

        integer

        The certificate’s serial number.

        -

        Returned: success

        -

        Sample: 1234

        +

        Returned: success

        +

        Sample: 1234
        @@ -627,8 +630,8 @@ example: input

        string

        The signature algorithm used to sign the certificate.

        -

        Returned: success

        -

        Sample: "sha256WithRSAEncryption"

        +

        Returned: success

        +

        Sample: "sha256WithRSAEncryption"
        @@ -637,8 +640,8 @@ example: input

        The certificate’s subject as a dictionary.

        Note that for repeated values, only the last one will be returned.

        -

        Returned: success

        -

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}

        +

        Returned: success

        +

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}
        @@ -647,8 +650,8 @@ example: input

        Entries in the subject_alt_name extension, or none if extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]
        @@ -656,7 +659,7 @@ example: input

        boolean

        Whether the subject_alt_name extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -666,8 +669,8 @@ example: input

        The certificate’s subject key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the SubjectKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -675,8 +678,8 @@ example: input

        list / elements=list

        The certificate’s subject as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]

        +

        Returned: success

        +

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]
        @@ -684,8 +687,8 @@ example: input

        integer

        The certificate version.

        -

        Returned: success

        -

        Sample: 3

        +

        Returned: success

        +

        Sample: 3
        +
        @@ -217,7 +220,7 @@ see @@ -278,7 +281,7 @@ see

        Attributes

        -

        Parameter

        Comments

        content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the X.509 certificate in PEM format.

        Either path or content must be specified, but not both.

        @@ -232,9 +235,9 @@ see idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -256,9 +259,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        +
        @@ -289,7 +292,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -298,7 +301,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -376,7 +379,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -390,8 +393,8 @@ see

        The certificate’s authority cert issuer as a list of general names.

        Is none if the AuthorityKeyIdentifier extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        @@ -801,13 +804,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/x509_certificate_module.html b/branch/main/x509_certificate_module.html index 91f5cd39..6a030ace 100644 --- a/branch/main/x509_certificate_module.html +++ b/branch/main/x509_certificate_module.html @@ -2,6 +2,7 @@ +community.crypto.x509_certificate module – Generate and/or check OpenSSL certificates — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -210,7 +213,7 @@ see

        Parameters

        -

        Key

        Description
        @@ -400,8 +403,8 @@ see

        The certificate’s authority cert serial number.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: 12345

        +

        Returned: success

        +

        Sample: 12345
        @@ -411,8 +414,8 @@ see

        The certificate’s authority key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the AuthorityKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -420,8 +423,8 @@ see

        list / elements=string

        Entries in the basic_constraints extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["CA:TRUE", "pathlen:1"]

        +

        Returned: success

        +

        Sample: ["CA:TRUE", "pathlen:1"]
        @@ -429,7 +432,7 @@ see

        boolean

        Whether the basic_constraints extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -437,7 +440,7 @@ see

        boolean

        Whether the certificate is expired (in other words, notAfter is in the past).

        -

        Returned: success

        +

        Returned: success
        @@ -445,8 +448,8 @@ see

        list / elements=string

        Entries in the extended_key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]

        +

        Returned: success

        +

        Sample: ["Biometric Info", "DVCS", "Time Stamping"]
        @@ -454,7 +457,7 @@ see

        boolean

        Whether the extended_key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -462,8 +465,8 @@ see

        dictionary

        Returns a dictionary for every extension OID.

        -

        Returned: success

        -

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}

        +

        Returned: success

        +

        Sample: {"1.3.6.1.5.5.7.1.24": {"critical": false, "value": "MAMCAQU="}}
        @@ -471,7 +474,7 @@ see

        boolean

        Whether the extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -480,19 +483,19 @@ see

        The Base64 encoded value (in DER format) of the extension.

        Note that depending on the cryptography version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by cryptography. This should usually result in exactly the same value, except if the original extension value was malformed.

        -

        Returned: success

        -

        Sample: "MAMCAQU="

        +

        Returned: success

        +

        Sample: "MAMCAQU="

        fingerprints

        dictionary

        -

        added in community.crypto 1.2.0

        +

        added in community.crypto 1.2.0

        Fingerprints of the DER-encoded form of the whole certificate.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
        @@ -501,8 +504,8 @@ see

        The certificate’s issuer.

        Note that for repeated values, only the last one will be returned.

        -

        Returned: success

        -

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

        +

        Returned: success

        +

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}
        @@ -510,17 +513,17 @@ see

        list / elements=list

        The certificate’s issuer as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]

        +

        Returned: success

        +

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]

        issuer_uri

        string

        -

        added in community.crypto 2.9.0

        +

        added in community.crypto 2.9.0

        The Issuer URI, if included in the certificate. Will be none if no issuer URI is included.

        -

        Returned: success

        +

        Returned: success
        @@ -528,8 +531,8 @@ see

        string

        Entries in the key_usage extension, or none if extension is not present.

        -

        Returned: success

        -

        Sample: "['Key Agreement', 'Data Encipherment']"

        +

        Returned: success

        +

        Sample: "['Key Agreement', 'Data Encipherment']"
        @@ -537,7 +540,7 @@ see

        boolean

        Whether the key_usage extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -545,8 +548,8 @@ see

        string

        notAfter date as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -554,8 +557,8 @@ see

        string

        notBefore date as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190331202428Z"

        +

        Returned: success

        +

        Sample: "20190331202428Z"
        @@ -563,7 +566,7 @@ see

        boolean

        true if the OCSP Must Staple extension is present, none otherwise.

        -

        Returned: success

        +

        Returned: success
        @@ -571,7 +574,7 @@ see

        boolean

        Whether the ocsp_must_staple extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -579,7 +582,7 @@ see

        string

        The OCSP responder URI, if included in the certificate. Will be none if no OCSP responder URI is included.

        -

        Returned: success

        +

        Returned: success
        @@ -587,17 +590,17 @@ see

        string

        Certificate’s public key in PEM format.

        -

        Returned: success

        -

        Sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        +

        Returned: success

        +

        Sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."

        public_key_data

        dictionary

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        Public key data. Depends on the public key’s type.

        -

        Returned: success

        +

        Returned: success
        @@ -605,7 +608,7 @@ see

        string

        The curve’s name for ECC.

        -

        Returned: When public_key_type=ECC

        +

        Returned: When public_key_type=ECC
        @@ -613,7 +616,7 @@ see

        integer

        The RSA key’s public exponent.

        -

        Returned: When public_key_type=RSA

        +

        Returned: When public_key_type=RSA
        @@ -621,7 +624,7 @@ see

        integer

        The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

        -

        Returned: When public_key_type=ECC

        +

        Returned: When public_key_type=ECC
        @@ -630,7 +633,7 @@ see

        The g value for DSA.

        This is the element spanning the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When public_key_type=DSA

        +

        Returned: When public_key_type=DSA
        @@ -638,7 +641,7 @@ see

        integer

        The RSA key’s modulus.

        -

        Returned: When public_key_type=RSA

        +

        Returned: When public_key_type=RSA
        @@ -647,7 +650,7 @@ see

        The p value for DSA.

        This is the prime modulus upon which arithmetic takes place.

        -

        Returned: When public_key_type=DSA

        +

        Returned: When public_key_type=DSA
        @@ -656,7 +659,7 @@ see

        The q value for DSA.

        This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

        -

        Returned: When public_key_type=DSA

        +

        Returned: When public_key_type=DSA
        @@ -664,7 +667,7 @@ see

        integer

        Bit size of modulus (RSA) or prime number (DSA).

        -

        Returned: When public_key_type=RSA or public_key_type=DSA

        +

        Returned: When public_key_type=RSA or public_key_type=DSA
        @@ -672,7 +675,7 @@ see

        integer

        The x coordinate for the public point on the elliptic curve.

        -

        Returned: When public_key_type=ECC

        +

        Returned: When public_key_type=ECC
        @@ -681,7 +684,7 @@ see

        For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

        For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

        -

        Returned: When public_key_type=DSA or public_key_type=ECC

        +

        Returned: When public_key_type=DSA or public_key_type=ECC
        @@ -690,20 +693,20 @@ see

        Fingerprints of certificate’s public key.

        For every hash algorithm available, the fingerprint is computed.

        -

        Returned: success

        -

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        +

        Returned: success

        +

        Sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63', 'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."

        public_key_type

        string

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        The certificate’s public key’s type.

        One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

        Will start with unknown if the key type cannot be determined.

        -

        Returned: success

        -

        Sample: "RSA"

        +

        Returned: success

        +

        Sample: "RSA"
        @@ -711,8 +714,8 @@ see

        integer

        The certificate’s serial number.

        -

        Returned: success

        -

        Sample: 1234

        +

        Returned: success

        +

        Sample: 1234
        @@ -720,8 +723,8 @@ see

        string

        The signature algorithm used to sign the certificate.

        -

        Returned: success

        -

        Sample: "sha256WithRSAEncryption"

        +

        Returned: success

        +

        Sample: "sha256WithRSAEncryption"
        @@ -730,8 +733,8 @@ see

        The certificate’s subject as a dictionary.

        Note that for repeated values, only the last one will be returned.

        -

        Returned: success

        -

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}

        +

        Returned: success

        +

        Sample: {"commonName": "www.example.com", "emailAddress": "test@example.com"}
        @@ -740,8 +743,8 @@ see

        Entries in the subject_alt_name extension, or none if extension is not present.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

        +

        Returned: success

        +

        Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]
        @@ -749,7 +752,7 @@ see

        boolean

        Whether the subject_alt_name extension is critical.

        -

        Returned: success

        +

        Returned: success
        @@ -759,8 +762,8 @@ see

        The certificate’s subject key identifier.

        The identifier is returned in hexadecimal, with : used to separate bytes.

        Is none if the SubjectKeyIdentifier extension is not present.

        -

        Returned: success

        -

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

        +

        Returned: success

        +

        Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"
        @@ -768,8 +771,8 @@ see

        list / elements=list

        The certificate’s subject as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]

        +

        Returned: success

        +

        Sample: [["commonName", "www.example.com"], [{"emailAddress": "test@example.com"}]]
        @@ -777,7 +780,7 @@ see

        dictionary

        For every time stamp provided in the valid_at option, a boolean whether the certificate is valid at that point in time or not.

        -

        Returned: success

        +

        Returned: success
        @@ -785,8 +788,8 @@ see

        integer

        The certificate version.

        -

        Returned: success

        -

        Sample: 3

        +

        Returned: success

        +

        Sample: 3
        +
        @@ -232,9 +235,9 @@ see

        Include the intermediate certificate to the generated certificate

        This is only used by the acme provider.

        Note that this is only available for older versions of acme-tiny. New versions include the chain automatically, and setting acme_chain to true results in an error.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -250,11 +253,11 @@ see @@ -284,7 +287,7 @@ see @@ -433,14 +436,14 @@ see @@ -460,7 +463,7 @@ see @@ -492,9 +495,9 @@ see never_create never creates a SKI. If the CSR provides one, that one is used.

        This is only used by the ownca provider.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

          -

        • "create_if_not_provided" ← (default)

          • +

        • "create_if_not_provided" ← (default)

        • "always_create"

        • "never_create"

        @@ -506,7 +509,7 @@ see

        The digest algorithm to be used for the ownca certificate.

        This is only used by the ownca provider.

        -

        Default: "sha256"

        +

        Default: "sha256"

         @@ -661,9 +664,9 @@ see

        Determines which crypto backend to use.

        The default choice is auto, which tries to use cryptography if available.

        If set to cryptography, will try to use the cryptography library.

        -

        Choices:

        +

        Choices:

          -

        • "auto" ← (default)

          • +

        • "auto" ← (default)

        • "cryptography"

        @@ -687,9 +690,9 @@ see never_create never creates a SKI. If the CSR provides one, that one is used.

        This is only used by the selfsigned provider.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

          -

        • "create_if_not_provided" ← (default)

          • +

        • "create_if_not_provided" ← (default)

        • "always_create"

        • "never_create"

        @@ -701,7 +704,7 @@ see

        Digest algorithm to be used when self-signing the certificate.

        This is only used by the selfsigned provider.

        -

        Default: "sha256"

        +

        Default: "sha256"

         @@ -792,9 +795,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -804,7 +807,7 @@ see

        Attributes

        -

        Parameter

        Comments

        acme_directory

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let’s Encrypt.

        Let’s Encrypt recommends using their staging server while developing jobs. https://letsencrypt.org/docs/staging-environment/.

        -

        Default: "https://acme-v02.api.letsencrypt.org/directory"

        +

        Default: "https://acme-v02.api.letsencrypt.org/directory"
        @@ -274,9 +277,9 @@ see

        boolean

        Create a backup file including a timestamp so you can get the original certificate back if you overwrote it with a new one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        csr_content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the Certificate Signing Request (CSR) used to generate this certificate.

        This is mutually exclusive with csr_path.

        @@ -332,7 +335,7 @@ see

        The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.

        You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.

        This is only used by the entrust provider.

        -

        Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"

        +

        Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"
        @@ -350,9 +353,9 @@ see

        Specify the type of certificate requested.

        This is only used by the entrust provider.

        -

        Choices:

        +

        Choices:
        @@ -415,9 +418,9 @@ see

        boolean

        Generate the certificate, even if it already exists.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        ignore_timestamps

        boolean

        -

        added in community.crypto 2.0.0

        +

        added in community.crypto 2.0.0

        Whether the “not before” and “not after” timestamps should be ignored for idempotency checks.

        It is better to keep the default value true when using relative timestamps (like +0s for now).

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)

        ownca_content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the CA (Certificate Authority) certificate.

        This is only used by the ownca provider.

        @@ -475,10 +478,10 @@ see ownca provider.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)
        @@ -521,7 +524,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the ownca provider.

        On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

        -

        Default: "+3650d"

        +

        Default: "+3650d"
        @@ -535,7 +538,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the ownca provider.

        -

        Default: "+0s"

        +

        Default: "+0s"
        @@ -550,7 +553,7 @@ see

        ownca_privatekey_content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the CA (Certificate Authority) private key to use when signing the certificate.

        This is only used by the ownca provider.

        @@ -581,7 +584,7 @@ see

        The version of the ownca certificate.

        Nowadays it should almost always be 3.

        This is only used by the ownca provider.

        -

        Default: 3

        +

        Default: 3
        @@ -603,7 +606,7 @@ see

        privatekey_content

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        Content of the private key to use when signing the certificate.

        This is mutually exclusive with privatekey_path.

        @@ -632,7 +635,7 @@ see

        Name of the provider to use to generate/retrieve the OpenSSL certificate. Please see the examples on how to emulate it with community.crypto.x509_certificate_info, community.crypto.openssl_csr_info, community.crypto.openssl_privatekey_info and ansible.builtin.assert.

        The entrust provider was added for Ansible 2.9 and requires credentials for the Entrust Certificate Services (ECS) API.

        Required if state is present.

        -

        Choices:

        +

        Choices:

        • "acme"

        • "entrust"

          • @@ -644,12 +647,12 @@ see

        return_content

        boolean

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        If set to true, will return the (current or generated) certificate’s content as certificate.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true
        @@ -718,7 +721,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the selfsigned provider.

        On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

        -

        Default: "+3650d"

        +

        Default: "+3650d"
        @@ -734,7 +737,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the selfsigned provider.

        -

        Default: "+0s"

        +

        Default: "+0s"
        @@ -744,7 +747,7 @@ see

        Version of the selfsigned certificate.

        Nowadays it should almost always be 3.

        This is only used by the selfsigned provider.

        -

        Default: 3

        +

        Default: 3
        @@ -777,10 +780,10 @@ see

        string

        Whether the certificate should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)
        +
        @@ -815,7 +818,7 @@ see - @@ -823,7 +826,7 @@ see - @@ -831,7 +834,7 @@ see - @@ -992,7 +995,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -1004,17 +1007,17 @@ see

        string

        @@ -1037,13 +1040,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/x509_certificate_pipe_module.html b/branch/main/x509_certificate_pipe_module.html index a4cf0606..70cccecd 100644 --- a/branch/main/x509_certificate_pipe_module.html +++ b/branch/main/x509_certificate_pipe_module.html @@ -2,6 +2,7 @@ +community.crypto.x509_certificate_pipe module – Generate and/or check OpenSSL certificates — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -208,7 +211,7 @@ see

        Parameters

        -

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/www.ansible.com.crt.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/www.ansible.com.crt.2019-03-09@11:22~"

        certificate

        string

        -

        added in community.crypto 1.0.0

        +

        added in community.crypto 1.0.0

        The (current or generated) certificate’s content.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        @@ -1022,8 +1025,8 @@ see

        string

        Path to the generated certificate.

        -

        Returned: changed or success

        -

        Sample: "/etc/ssl/crt/www.ansible.com.crt"

        +

        Returned: changed or success

        +

        Sample: "/etc/ssl/crt/www.ansible.com.crt"
        +
        @@ -272,7 +275,7 @@ see

        The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.

        You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.

        This is only used by the entrust provider.

        -

        Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"

        +

        Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"

         @@ -365,14 +368,14 @@ see @@ -393,10 +396,10 @@ see ownca provider.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)

        @@ -410,9 +413,9 @@ see         never_create never creates a SKI. If the CSR provides one, that one is used.

        This is only used by the ownca provider.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

          -

        • "create_if_not_provided" ← (default)

          • +

        • "create_if_not_provided" ← (default)

        • "always_create"

        • "never_create"

        @@ -424,7 +427,7 @@ see

        The digest algorithm to be used for the ownca certificate.

        This is only used by the ownca provider.

        -

        Default: "sha256"

        +

        Default: "sha256"

         @@ -563,9 +566,9 @@ see never_create never creates a SKI. If the CSR provides one, that one is used.

        This is only used by the selfsigned provider.

        Note that this is only supported if the cryptography backend is used!

        -

        Choices:

        +

        Choices:

          -

        • "create_if_not_provided" ← (default)

          • +

        • "create_if_not_provided" ← (default)

        • "always_create"

        • "never_create"

        @@ -577,7 +580,7 @@ see

        Digest algorithm to be used when self-signing the certificate.

        This is only used by the selfsigned provider.

        -

        Default: "sha256"

        +

        Default: "sha256"

         @@ -628,7 +631,7 @@ see

        Attributes

        -

        Parameter

        Comments

        @@ -290,9 +293,9 @@ see

        Specify the type of certificate requested.

        This is only used by the entrust provider.

        -

        Choices:

        +

        Choices:
        @@ -355,9 +358,9 @@ see

        boolean

        Generate the certificate, even if it already exists.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        ignore_timestamps

        boolean

        -

        added in community.crypto 2.0.0

        +

        added in community.crypto 2.0.0

        Whether the “not before” and “not after” timestamps should be ignored for idempotency checks.

        It is better to keep the default value true when using relative timestamps (like +0s for now).

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)
        @@ -439,7 +442,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the ownca provider.

        On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

        -

        Default: "+3650d"

        +

        Default: "+3650d"
        @@ -453,7 +456,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the ownca provider.

        -

        Default: "+0s"

        +

        Default: "+0s"
        @@ -498,7 +501,7 @@ see

        The version of the ownca certificate.

        Nowadays it should almost always be 3.

        This is only used by the ownca provider.

        -

        Default: 3

        +

        Default: 3
        @@ -531,7 +534,7 @@ see

        Name of the provider to use to generate/retrieve the OpenSSL certificate.

        The entrust provider requires credentials for the Entrust Certificate Services (ECS) API.

        -

        Choices:

        +

        Choices:

        @@ -594,7 +597,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the selfsigned provider.

        On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

        -

        Default: "+3650d"

        +

        Default: "+3650d"
        @@ -610,7 +613,7 @@ see ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

        This is only used by the selfsigned provider.

        -

        Default: "+0s"

        +

        Default: "+0s"
        @@ -620,7 +623,7 @@ see

        Version of the selfsigned certificate.

        Nowadays it should almost always be 3.

        This is only used by the selfsigned provider.

        -

        Default: 3

        +

        Default: 3
        +
        @@ -639,7 +642,7 @@ see - @@ -647,7 +650,7 @@ see - @@ -758,7 +761,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.
        +
        @@ -770,7 +773,7 @@ see

        string

        @@ -785,13 +788,14 @@ see

        Collection links

        -

        - Issue Tracker - Repository (Sources) - Submit a bug report - Request a feature - Communication -

        + + diff --git a/branch/main/x509_crl_info_filter.html b/branch/main/x509_crl_info_filter.html index 9b93e59d..055c3d8e 100644 --- a/branch/main/x509_crl_info_filter.html +++ b/branch/main/x509_crl_info_filter.html @@ -2,6 +2,7 @@ +community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This filter plugin is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Input

        This describes the input of the filter, the value before | community.crypto.x509_crl_info.

        -

        Key

        Description

        The (current or generated) certificate’s content.

        -

        Returned: changed or success

        +

        Returned: changed or success
        +
        @@ -226,7 +229,7 @@ see Keyword parameters

        This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | community.crypto.x509_crl_info(key1=value1, key2=value2, ...)

        -

        Parameter

        Comments
        +
        @@ -236,14 +239,14 @@ example: input @@ -256,9 +259,9 @@ example: inputidna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -293,7 +296,7 @@ example: input

        Return Value

        -

        Parameter

        Comments

        list_revoked_certificates

        boolean

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        If set to false, the list of revoked certificates is not included in the result.

        This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again.

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)
        +
        @@ -305,7 +308,7 @@ example: input

        dictionary

         @@ -478,13 +481,14 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        + + diff --git a/branch/main/x509_crl_info_module.html b/branch/main/x509_crl_info_module.html index 380ab076..df0532af 100644 --- a/branch/main/x509_crl_info_module.html +++ b/branch/main/x509_crl_info_module.html @@ -2,6 +2,7 @@ + community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs) — Community.Crypto Collection documentation @@ -172,6 +173,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -206,7 +209,7 @@ see

        Parameters

        -

        Key

        Description

        Information on the CRL.

        -

        Returned: success

        +

        Returned: success
        @@ -313,8 +316,8 @@ example: input

        string

        The signature algorithm used to sign the CRL.

        -

        Returned: success

        -

        Sample: "sha256WithRSAEncryption"

        +

        Returned: success

        +

        Sample: "sha256WithRSAEncryption"
        @@ -322,13 +325,13 @@ example: input

        string

        Whether the CRL is in PEM format (pem) or in DER format (der).

        -

        Returned: success

        -

        Can only return:

        +

        Returned: success

        +

        Can only return:

        • "pem"

        • "der"

        -

        Sample: "pem"

        +

        Sample: "pem"
        @@ -338,8 +341,8 @@ example: input

        The CRL’s issuer.

        Note that for repeated values, only the last one will be returned.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

        +

        Returned: success

        +

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}
        @@ -347,8 +350,8 @@ example: input

        list / elements=list

        The CRL’s issuer as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]

        +

        Returned: success

        +

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]
        @@ -356,8 +359,8 @@ example: input

        string

        The point in time from which this CRL can be trusted as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -365,8 +368,8 @@ example: input

        string

        The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -374,7 +377,7 @@ example: input

        list / elements=dictionary

        List of certificates to be revoked.

        -

        Returned: success if list_revoked_certificates=true

        +

        Returned: success if list_revoked_certificates=true
        @@ -383,8 +386,8 @@ example: input

        The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -392,8 +395,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the invalidity date extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -402,8 +405,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        The certificate’s issuer.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:ca.example.org"]

        +

        Returned: success

        +

        Sample: ["DNS:ca.example.org"]
        @@ -411,8 +414,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the certificate issuer extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -420,8 +423,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        string

        The value for the revocation reason extension.

        -

        Returned: success

        -

        Can only return:

        +

        Returned: success

        +

        Can only return:

        • "unspecified"

        • "key_compromise"

          • @@ -434,7 +437,7 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        • "aa_compromise"

        • "remove_from_crl"

        -

        Sample: "key_compromise"

        +

        Sample: "key_compromise"
        @@ -442,8 +445,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the revocation reason extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -451,8 +454,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        string

        The point in time the certificate was revoked as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -460,8 +463,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        integer

        Serial number of the certificate.

        -

        Returned: success

        -

        Sample: 1234

        +

        Returned: success

        +

        Sample: 1234
        +
        @@ -224,14 +227,14 @@ see @@ -244,9 +247,9 @@ see idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

        unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

        Note that idna and unicode require the idna Python library to be installed.

        -

        Choices:

        +

        Choices:

          -

        • "ignore" ← (default)

          • +

        • "ignore" ← (default)

        • "idna"

        • "unicode"

        @@ -265,7 +268,7 @@ see

        Attributes

        -

        Parameter

        Comments

        list_revoked_certificates

        boolean

        -

        added in community.crypto 1.7.0

        +

        added in community.crypto 1.7.0

        If set to false, the list of revoked certificates is not included in the result.

        This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again.

        -

        Choices:

        +

        Choices:

        • false

          • -

        • true ← (default)

          • +

        • true ← (default)
        +
        @@ -276,7 +279,7 @@ see - -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        This action does not modify state.

        Can run in check_mode and return changed status prediction without modifying target.

        @@ -285,7 +288,7 @@ see

        diff_mode

        Support: N/A

        +

        Support: N/A

        This action does not modify state.

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        @@ -337,7 +340,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        - +
        @@ -349,8 +352,8 @@ see

        string

        @@ -510,13 +513,14 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        + + diff --git a/branch/main/x509_crl_module.html b/branch/main/x509_crl_module.html index d42bf0c2..7785001e 100644 --- a/branch/main/x509_crl_module.html +++ b/branch/main/x509_crl_module.html @@ -2,6 +2,7 @@ +community.crypto.x509_crl module – Generate Certificate Revocation Lists (CRLs) — Community.Crypto Collection documentation @@ -171,6 +172,8 @@

        Note

        This module is part of the community.crypto collection (version 2.16.0).

        +

        It is not included in ansible-core. +To check whether it is installed, run ansible-galaxy collection list.

        To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

        @@ -205,7 +208,7 @@ see

        Parameters

        -

        Key

        Description

        The signature algorithm used to sign the CRL.

        -

        Returned: success

        -

        Sample: "sha256WithRSAEncryption"

        +

        Returned: success

        +

        Sample: "sha256WithRSAEncryption"
        @@ -358,13 +361,13 @@ see

        string

        Whether the CRL is in PEM format (pem) or in DER format (der).

        -

        Returned: success

        -

        Can only return:

        +

        Returned: success

        +

        Can only return:

        • "pem"

        • "der"

        -

        Sample: "pem"

        +

        Sample: "pem"
        @@ -374,8 +377,8 @@ see

        The CRL’s issuer.

        Note that for repeated values, only the last one will be returned.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

        +

        Returned: success

        +

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}
        @@ -383,8 +386,8 @@ see

        list / elements=list

        The CRL’s issuer as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]

        +

        Returned: success

        +

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]
        @@ -392,8 +395,8 @@ see

        string

        The point in time from which this CRL can be trusted as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -401,8 +404,8 @@ see

        string

        The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -410,7 +413,7 @@ see

        list / elements=dictionary

        List of certificates to be revoked.

        -

        Returned: success if list_revoked_certificates=true

        +

        Returned: success if list_revoked_certificates=true
        @@ -419,8 +422,8 @@ see

        The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -428,8 +431,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the invalidity date extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -438,8 +441,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        The certificate’s issuer.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:ca.example.org"]

        +

        Returned: success

        +

        Sample: ["DNS:ca.example.org"]
        @@ -447,8 +450,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the certificate issuer extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -456,8 +459,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        string

        The value for the revocation reason extension.

        -

        Returned: success

        -

        Can only return:

        +

        Returned: success

        +

        Can only return:

        • "unspecified"

        • "key_compromise"

          • @@ -470,7 +473,7 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        • "aa_compromise"

        • "remove_from_crl"

        -

        Sample: "key_compromise"

        +

        Sample: "key_compromise"
        @@ -478,8 +481,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the revocation reason extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -487,8 +490,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        string

        The point in time the certificate was revoked as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -496,8 +499,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        integer

        Serial number of the certificate.

        -

        Returned: success

        -

        Sample: 1234

        +

        Returned: success

        +

        Sample: 1234
        +
        @@ -229,9 +232,9 @@ see

        boolean

        @@ -239,14 +242,14 @@ see @@ -279,9 +282,9 @@ see

        Whether the CRL file should be in PEM or DER format.

        If an existing CRL file does match everything but format, it will be converted to the correct format instead of regenerated.

        -

        Choices:

        +

        Choices:

          -

        • "pem" ← (default)

          • +

        • "pem" ← (default)

        • "der"

        @@ -300,9 +303,9 @@ see

        Whether the timestamps last_update, next_update and revoked_certificates[].revocation_date should be ignored for idempotency checks. The timestamp revoked_certificates[].invalidity_date will never be ignored.

        Use this in combination with relative timestamps for these values to get idempotency.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -321,7 +324,7 @@ see @@ -468,9 +471,9 @@ see

        boolean

        @@ -488,9 +491,9 @@ see

        boolean

        @@ -509,7 +512,7 @@ see

        string

        @@ -545,7 +548,7 @@ see [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

        Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

        -

        Default: "+0s"

        +

        Default: "+0s"

        @@ -610,9 +613,9 @@ see Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        @@ -622,7 +625,7 @@ see

        Attributes

        -

        Parameter

        Comments

        Create a backup file including a timestamp so you can get the original CRL back if you overwrote it with a new one by accident.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        crl_mode

        string

        -

        added in community.crypto 2.13.0

        +

        added in community.crypto 2.13.0

        Defines how to process entries of existing CRLs.

        If set to generate, makes sure that the CRL has the exact set of revoked certificates as specified in revoked_certificates.

        If set to update, makes sure that the CRL contains the revoked certificates from revoked_certificates, but can also contain other revoked certificates. If the CRL file already exists, all entries from the existing CRL will also be included in the new CRL. When using update, you might be interested in setting ignore_timestamps to true.

        The default value is generate.

        This parameter was called mode before community.crypto 2.13.0. It has been renamed to avoid a collision with the common mode parameter for setting the CRL file’s access mode.

        -

        Choices:

        +

        Choices:

        • "generate"

        • "update"

          • @@ -258,7 +261,7 @@ see

          string

        Digest algorithm to be used when signing the CRL.

        -

        Default: "sha256"

        +

        Default: "sha256"
        @@ -266,9 +269,9 @@ see

        boolean

        Should the CRL be forced to be regenerated.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        issuer_ordered

        list / elements=dictionary

        -

        added in community.crypto 2.0.0

        +

        added in community.crypto 2.0.0

        A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the issuer name field of the CRL.

        If you want to specify more than one value with the same key in a row, you can use a list as value.

        @@ -338,7 +341,7 @@ see [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

        Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

        -

        Default: "+0s"

        +

        Default: "+0s"
        @@ -347,7 +350,7 @@ see

        This parameter has been renamed to crl_mode. The old name mode is now deprecated and will be removed in community.crypto 3.0.0. Replace usage of this parameter with crl_mode.

        Note that from community.crypto 3.0.0 on, mode will be used for the CRL file’s mode.

        -

        Choices:

        +

        Choices:

        If set to true, will return the (current or generated) CRL’s content as crl.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Whether the invalidity date extension should be critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        Whether the certificate issuer extension should be critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true

        The value for the revocation reason extension.

        -

        Choices:

        +

        Choices:

        • "unspecified"

        • "key_compromise"

          • @@ -529,9 +532,9 @@ see

          boolean

        Whether the revocation reason extension should be critical.

        -

        Choices:

        +

        Choices:

          -

        • false ← (default)

          • +

        • false ← (default)

        • true
        @@ -595,10 +598,10 @@ see

        string

        Whether the CRL file should exist or not, taking action if the state is different from what is stated.

        -

        Choices:

        +

        Choices:

        • "absent"

          • -

        • "present" ← (default)

          • +

        • "present" ← (default)
        +
        @@ -633,7 +636,7 @@ see - @@ -641,7 +644,7 @@ see - @@ -649,7 +652,7 @@ see - @@ -694,7 +697,7 @@ see

        Return Values

        Common return values are documented here, the following are the fields unique to this module:

        -

        Attribute

        Support

        check_mode

        Support: full

        +

        Support: full

        Can run in check_mode and return changed status prediction without modifying target.

        diff_mode

        Support: full

        +

        Support: full

        Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

        safe_file_operations

        Support: full

        +

        Support: full

        Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.
        +
        @@ -706,8 +709,8 @@ see

        string

        @@ -903,13 +906,14 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        + +

        Key

        Description

        Name of backup file created.

        -

        Returned: changed and if backup is true

        -

        Sample: "/path/to/my-ca.crl.2019-03-09@11:22~"

        +

        Returned: changed and if backup is true

        +

        Sample: "/path/to/my-ca.crl.2019-03-09@11:22~"
        @@ -716,7 +719,7 @@ see

        The (current or generated) CRL’s content.

        Will be the CRL itself if format is pem, and Base64 of the CRL if format is der.

        -

        Returned: if state is present and return_content is true

        +

        Returned: if state is present and return_content is true
        @@ -724,8 +727,8 @@ see

        string

        The signature algorithm used to sign the CRL.

        -

        Returned: success

        -

        Sample: "sha256WithRSAEncryption"

        +

        Returned: success

        +

        Sample: "sha256WithRSAEncryption"
        @@ -733,8 +736,8 @@ see

        string

        Path to the generated CRL.

        -

        Returned: changed or success

        -

        Sample: "/path/to/my-ca.crl"

        +

        Returned: changed or success

        +

        Sample: "/path/to/my-ca.crl"
        @@ -742,13 +745,13 @@ see

        string

        Whether the CRL is in PEM format (pem) or in DER format (der).

        -

        Returned: success

        -

        Can only return:

        +

        Returned: success

        +

        Can only return:

        • "pem"

        • "der"

        -

        Sample: "pem"

        +

        Sample: "pem"
        @@ -758,8 +761,8 @@ see

        The CRL’s issuer.

        Note that for repeated values, only the last one will be returned.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

        +

        Returned: success

        +

        Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}
        @@ -767,8 +770,8 @@ see

        list / elements=list

        The CRL’s issuer as an ordered list of tuples.

        -

        Returned: success

        -

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]

        +

        Returned: success

        +

        Sample: [["organizationName", "Ansible"], [{"commonName": "ca.example.com"}]]
        @@ -776,8 +779,8 @@ see

        string

        The point in time from which this CRL can be trusted as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -785,8 +788,8 @@ see

        string

        The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -794,8 +797,8 @@ see

        string

        Path to the private CA key.

        -

        Returned: changed or success

        -

        Sample: "/path/to/my-ca.pem"

        +

        Returned: changed or success

        +

        Sample: "/path/to/my-ca.pem"
        @@ -803,7 +806,7 @@ see

        list / elements=dictionary

        List of certificates to be revoked.

        -

        Returned: success

        +

        Returned: success
        @@ -812,8 +815,8 @@ see

        The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -821,8 +824,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the invalidity date extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -831,8 +834,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        The certificate’s issuer.

        See name_encoding for how IDNs are handled.

        -

        Returned: success

        -

        Sample: ["DNS:ca.example.org"]

        +

        Returned: success

        +

        Sample: ["DNS:ca.example.org"]
        @@ -840,8 +843,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the certificate issuer extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -849,8 +852,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        string

        The value for the revocation reason extension.

        -

        Returned: success

        -

        Can only return:

        +

        Returned: success

        +

        Can only return:

        • "unspecified"

        • "key_compromise"

          • @@ -863,7 +866,7 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        • "aa_compromise"

        • "remove_from_crl"

        -

        Sample: "key_compromise"

        +

        Sample: "key_compromise"
        @@ -871,8 +874,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        boolean

        Whether the revocation reason extension is critical.

        -

        Returned: success

        -

        Sample: false

        +

        Returned: success

        +

        Sample: false
        @@ -880,8 +883,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        string

        The point in time the certificate was revoked as ASN.1 TIME.

        -

        Returned: success

        -

        Sample: "20190413202428Z"

        +

        Returned: success

        +

        Sample: "20190413202428Z"
        @@ -889,8 +892,8 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

        integer

        Serial number of the certificate.

        -

        Returned: success

        -

        Sample: 1234

        +

        Returned: success

        +

        Sample: 1234