java_cert - Uses keytool to import/remove key from java keystore(cacerts)
New in version 2.3.
Synopsis
- This is a wrapper module around keytool, which can be used to import/remove certificates from a given Java keystore.
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| cert_alias | | Imported certificate alias. |
| cert_path | | Local path to load certificate from. One of cert_url or cert_path is required to load certificate. |
| cert_port | Default: 443 | Port to connect to URL. This will be used to create server URL:PORT. |
| cert_url | | Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate. |
| executable | Default: "keytool" | Path to the keytool binary. If not set, keytool is searched for in PATH. |
| keystore_create | | Create keystore if it doesn't exist. |
| keystore_pass (required) | | Keystore password. |
| keystore_path | | Path to keystore. |
| pkcs12_alias (added in 2.4) | Default: 1 | Alias in the PKCS12 keystore. |
| pkcs12_password (added in 2.4) | Default: "" | Password for importing from PKCS12 keystore. |
| pkcs12_path (added in 2.4) | | Local path to load PKCS12 keystore from. |
| state | | Defines action which can be either certificate import or removal. |
Examples
```yaml
- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present
```
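
The examples above fetch the certificate with cert_url, which trusts whatever certificate the server presents at fetch time, and they pass keystore_pass in clear text. The following playbook is an added example, not part of the original Ansible documentation: it imports from cert_path only after the file matches a pinned SHA-256 digest and reads the password from a vaulted variable. The host group, file paths, alias and variable names are assumptions, and the digest is a placeholder to fill in.

```yaml
# Added example, not from the Ansible documentation.
# Assumptions (hypothetical names): files/internal-ca.pem ships with the
# playbook, and vault_keystore_pass is defined in a vars file encrypted
# with Ansible Vault.
- hosts: app_servers                      # hypothetical inventory group
  become: yes
  vars:
    ca_dest: /etc/pki/internal-ca.pem     # hypothetical destination path
    keystore: /opt/app/conf/truststore.jks
    # Placeholder: digest recorded when the certificate was reviewed.
    internal_ca_sha256: "<expected sha256 of internal-ca.pem>"
  tasks:
    - name: Copy the reviewed CA certificate to the host
      copy:
        src: files/internal-ca.pem
        dest: "{{ ca_dest }}"
        owner: root
        group: root
        mode: "0644"

    - name: Compute the digest of the file that will be imported
      stat:
        path: "{{ ca_dest }}"
        checksum_algorithm: sha256
      register: ca_file

    - name: Stop unless the certificate matches the pinned digest
      assert:
        that:
          - ca_file.stat.exists
          - ca_file.stat.checksum == internal_ca_sha256

    - name: Import the pinned certificate under an explicit alias
      java_cert:
        cert_path: "{{ ca_dest }}"
        cert_alias: internal-ca
        keystore_path: "{{ keystore }}"
        keystore_pass: "{{ vault_keystore_pass }}"
        keystore_create: yes
        state: present
      no_log: true   # keep the password and returned cmd out of task output
```
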
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| cmd (string) | success | Executed command to get action done. Sample: `keytool -importcert -noprompt -keystore` |
| msg (string) | success | Output from stdout of keytool command after execution of given command. Sample: `Module require existing keystore at keystore_path '/tmp/test/cacerts'` |
| rc (int) | success | Keytool command execution return value. Sample: `0` |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Adam Hamsik (@haad)
 
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/2.6/modules/java_cert_module.html