community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)
Note
This module is part of the community.crypto collection (version 3.1.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.crypto.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.crypto.openssl_csr_info.
Synopsis
- This module allows one to query information on OpenSSL Certificate Signing Requests (CSR). 
- In case the CSR signature cannot be validated, the module will fail. In this case, all return variables are still returned. 
- It uses the cryptography python library to interact with OpenSSL. 
Requirements
The below requirements are needed on the host that executes this module.
- If - name_encodingis set to another value than- ignore, the idna Python library needs to be installed.
- cryptography >= 3.3 
Parameters
| Parameter | Comments | 
|---|---|
| How to encode names (DNS names, URIs, email addresses) in return values. 
 
 
 Note that  Choices: 
 | |
| Determines which crypto backend to use. The default choice is  If set to  Note that with community.crypto 3.0.0, all values behave the same. This option will be deprecated in a later version. We recommend to not set it explicitly. Choices: 
 | 
Attributes
| Attribute | Support | Description | 
|---|---|---|
| Support: full This action does not modify state. | Can run in  | |
| Support: N/A This action does not modify state. | Will return details on what has changed (or possibly needs changing in  | |
| Support: full This action does not modify state. | When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change. This assumes that the system controlled/queried by the module has not changed in a relevant way. | 
See Also
See also
- community.crypto.openssl_csr
- Generate OpenSSL Certificate Signing Request (CSR). 
- community.crypto.openssl_csr_pipe
- Generate OpenSSL Certificate Signing Request (CSR). 
- community.crypto.openssl_csr_info filter plugin
- A filter variant of this module. 
- community.crypto.to_serial filter plugin
- Convert an integer to a colon-separated list of hex numbers. 
Examples
---
- name: Generate an OpenSSL Certificate Signing Request
  community.crypto.openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com
- name: Get information on the CSR
  community.crypto.openssl_csr_info:
    path: /etc/ssl/csr/www.ansible.com.csr
  register: result
- name: Dump information
  ansible.builtin.debug:
    var: result
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Description | 
|---|---|
| The CSR’s authority cert issuer as a list of general names. Is  See  Returned: success Sample:  | |
| The CSR’s authority cert serial number. Is  This return value is an integer. If you need the serial numbers as a colon-separated hex string, such as  Returned: success Sample:  | |
| The CSR’s authority key identifier. The identifier is returned in hexadecimal, with  Is  Returned: success Sample:  | |
| Entries in the  Returned: success Sample:  | |
| Whether the  Returned: success | |
| Entries in the  Returned: success Sample:  | |
| Whether the  Returned: success | |
| Returns a dictionary for every extension OID. Returned: success Sample:  | |
| Whether the extension is critical. Returned: success | |
| The Base64 encoded value (in DER format) of the extension. Note that depending on the  Returned: success Sample:  | |
| Entries in the  Returned: success Sample:  | |
| Whether the  Returned: success | |
| Whether the  Is  Returned: success | |
| List of excluded subtrees the CA cannot sign certificates for. Is  See  Returned: success Sample:  | |
| List of permitted subtrees to sign certificates for. Returned: success Sample:  | |
| 
 Returned: success | |
| Whether the  Returned: success | |
| CSR’s public key in PEM format. Returned: success Sample:  | |
| Public key data. Depends on the public key’s type. Returned: success | |
| The curve’s name for ECC. Returned: When  | |
| The RSA key’s public exponent. Returned: When  | |
| The maximum number of bits of a private key. This is basically the bit size of the subgroup used. Returned: When  | |
| The  This is the element spanning the subgroup of the multiplicative group of the prime field used. Returned: When  | |
| The RSA key’s modulus. Returned: When  | |
| The  This is the prime modulus upon which arithmetic takes place. Returned: When  | |
| The  This is a prime that divides  Returned: When  | |
| Bit size of modulus (RSA) or prime number (DSA). Returned: When  | |
| The  Returned: When  | |
| For  For  Returned: When  | |
| Fingerprints of CSR’s public key. For every hash algorithm available, the fingerprint is computed. Returned: success Sample:  | |
| The CSR’s public key’s type. One of  Will start with  Returned: success Sample:  | |
| Whether the CSR’s signature is valid. In case the check returns  Returned: success | |
| The CSR’s subject as a dictionary. Note that for repeated values, only the last one will be returned. Returned: success Sample:  | |
| Entries in the  See  Returned: success Sample:  | |
| Whether the  Returned: success | |
| The CSR’s subject key identifier. The identifier is returned in hexadecimal, with  Is  Returned: success Sample:  | |
| The CSR’s subject as an ordered list of tuples. Returned: success Sample:  | 
