java_cert - Uses keytool to import/remove key from java keystore (cacerts)

New in version 2.3.

Synopsis

  • This is a wrapper module around keytool, which can be used to import or remove certificates from a given Java keystore.

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| cert_alias | no | | | Imported certificate alias. |
| cert_path | no | | | Local path to load certificate from. One of cert_url or cert_path is required to load certificate. |
| cert_port | no | 443 | | Port to connect to URL. This will be used to create server URL:PORT. |
| cert_url | no | | | Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate. |
| executable | no | keytool | | Path to the keytool binary. If not set, keytool is searched for in PATH. |
| keystore_create | no | | | Create keystore if it doesn't exist. |
| keystore_pass | yes | | | Keystore password. |
| keystore_path | no | | | Path to keystore. |
| pkcs12_alias (added in 2.4) | no | 1 | | Alias in the PKCS12 keystore. |
| pkcs12_password (added in 2.4) | no | | | Password for importing from PKCS12 keystore. |
| pkcs12_path (added in 2.4) | no | | | Local path to load PKCS12 keystore from. |
| state | no | present | present, absent | Defines action which can be either certificate import or removal. |

Examples

- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present
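
An added playbook, not part of the module's own documentation, that imports from cert_path instead of cert_url: with cert_url the certificate imported is whatever the host presents when the task runs, whereas here the file is hash-checked against a pinned value before it enters the keystore. The inventory group, file paths, alias, the ca_sha256 placeholder and the vaulted vault_keystore_pass variable are assumptions.

```yaml
# Added example. Everything marked "assumed" is a placeholder, not from the module docs.
- hosts: app_servers                          # assumed inventory group
  vars:
    ca_src: files/internal-ca.pem             # assumed: CA certificate reviewed and kept in the repo
    ca_dest: /etc/pki/internal-ca.pem         # assumed path on the managed host
    ca_sha256: "REPLACE_WITH_EXPECTED_SHA256_OF_PEM_FILE"   # placeholder, fill in the pinned hash
    # vault_keystore_pass is assumed to live in an ansible-vault encrypted vars file
  tasks:
    - name: Copy the reviewed CA certificate to the host
      copy:
        src: "{{ ca_src }}"
        dest: "{{ ca_dest }}"
        mode: "0644"

    - name: Hash the file that is about to be trusted
      stat:
        path: "{{ ca_dest }}"
        checksum_algorithm: sha256
      register: ca_file

    - name: Stop the play unless the hash matches the pinned value
      assert:
        that:
          - ca_file.stat.checksum == ca_sha256

    - name: Import the pinned certificate under an explicit alias
      java_cert:
        cert_path: "{{ ca_dest }}"
        cert_alias: internal-ca               # assumed alias
        keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
        keystore_pass: "{{ vault_keystore_pass }}"
        state: present
      no_log: true    # keep the keystore password out of task output and logs
```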

Return Values

Common return values are documented in Return Values; the following fields are unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| cmd | Executed command to get action done | success | string | keytool -importcert -noprompt -keystore |
| msg | Output from stdout of keytool command after execution of given command. | success | string | Module require existing keystore at keystore_path '/tmp/test/cacerts' |
| rc | Keytool command execution return value | success | int | 0 |

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/java_cert_module.html