<title>community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates — Community.Crypto Collection documentation</title>
<linkrel="prev"title="community.crypto.acme_inspect module – Send direct requests to an ACME server"href="acme_inspect_module.html"/><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>
<bodyclass="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ulclass="current">
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_module.html">community.crypto.acme_account module – Create, modify or delete ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <codeclass="docutils literal notranslate"><spanclass="pre">tls-alpn-01</span></code></a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
<liclass="toctree-l1 current"><aclass="current reference internal"href="#">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</a><ul>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_module.html">community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key.</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_module.html">community.crypto.openssl_signature module – Sign data with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module – Verify signatures with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_module.html">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format</a></li>
<liclass="breadcrumb-item active">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</li>
<liclass="wy-breadcrumbs-aside">
<!-- User defined GitHub URL -->
<ahref="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/certificate_complete_chain.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20–%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr"class="fa fa-github"> Edit on GitHub</a>
<h1>community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates<aclass="headerlink"href="#community-crypto-certificate-complete-chain-module-complete-certificate-chain-given-a-set-of-untrusted-and-root-certificates"title="Permalink to this heading"></a></h1>
<p>This module is part of the <aclass="reference external"href="https://galaxy.ansible.com/community/crypto">community.crypto collection</a> (version 2.10.0).</p>
You need further requirements to be able to use this module,
see <aclass="reference internal"href="#ansible-collections-community-crypto-certificate-complete-chain-module-requirements"><spanclass="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <codeclass="code docutils literal notranslate"><spanclass="pre">community.crypto.certificate_complete_chain</span></code>.</p>
<h2><aclass="toc-backref"href="#id1">Synopsis</a><aclass="headerlink"href="#synopsis"title="Permalink to this heading"></a></h2>
<ulclass="simple">
<li><p>This module completes a given chain of certificates in PEM format by finding intermediate certificates from a given set of certificates, until it finds a root certificate in another given set of certificates.</p></li>
<li><p>This can for example be used to find the root certificate for a certificate chain returned by <aclass="reference internal"href="acme_certificate_module.html#ansible-collections-community-crypto-acme-certificate-module"><spanclass="std std-ref">community.crypto.acme_certificate</span></a>.</p></li>
<li><p>Note that this module does <em>not</em> check for validity of the chains. It only checks that issuer and subject match, and that the signature is correct. It ignores validity dates and key usage completely. If you need to verify that a generated chain is valid, please use <codeclass="docutils literal notranslate"><spanclass="pre">openssl</span><spanclass="pre">verify</span><spanclass="pre">...</span></code>.</p></li>
</ul>
</section>
<sectionid="requirements">
<spanid="ansible-collections-community-crypto-certificate-complete-chain-module-requirements"></span><h2><aclass="toc-backref"href="#id2">Requirements</a><aclass="headerlink"href="#requirements"title="Permalink to this heading"></a></h2>
<p>The below requirements are needed on the host that executes this module.</p>
<ulclass="simple">
<li><p>cryptography >= 1.5</p></li>
</ul>
</section>
<sectionid="parameters">
<h2><aclass="toc-backref"href="#id3">Parameters</a><aclass="headerlink"href="#parameters"title="Permalink to this heading"></a></h2>
<aclass="ansibleOptionLink"href="#parameter-input_chain"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span> / <spanclass="ansible-option-required">required</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>A concatenated set of certificates in PEM format forming a chain.</p>
<p>The module will try to complete this chain.</p>
<aclass="ansibleOptionLink"href="#parameter-intermediate_certificates"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>A list of filenames or directories.</p>
<p>A filename is assumed to point to a file containing one or more certificates in PEM format. All certificates in this file will be added to the set of root certificates.</p>
<p>If a directory name is given, all files in the directory and its subdirectories will be scanned and tried to be parsed as concatenated certificates in PEM format.</p>
<aclass="ansibleOptionLink"href="#parameter-root_certificates"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=path</span> / <spanclass="ansible-option-required">required</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>A list of filenames or directories.</p>
<p>A filename is assumed to point to a file containing one or more certificates in PEM format. All certificates in this file will be added to the set of root certificates.</p>
<p>If a directory name is given, all files in the directory and its subdirectories will be scanned and tried to be parsed as concatenated certificates in PEM format.</p>
<p>Symbolic links will be followed.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<sectionid="attributes">
<h2><aclass="toc-backref"href="#id4">Attributes</a><aclass="headerlink"href="#attributes"title="Permalink to this heading"></a></h2>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<sectionid="examples">
<h2><aclass="toc-backref"href="#id5">Examples</a><aclass="headerlink"href="#examples"title="Permalink to this heading"></a></h2>
<divclass="highlight-yaml+jinja notranslate"><divclass="highlight"><pre><span></span><spanclass="c1"># Given a leaf certificate for www.ansible.com and one or more intermediate</span><spanclass="w"></span>
<spanclass="c1"># certificates, finds the associated root certificate.</span><spanclass="w"></span>
<h2><aclass="toc-backref"href="#id6">Return Values</a><aclass="headerlink"href="#return-values"title="Permalink to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-chain"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The chain added to the given input chain. Includes the root certificate.</p>
<aclass="ansibleOptionLink"href="#return-complete_chain"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The completed chain, including leaf, all intermediates, and root.</p>
<aclass="ansibleOptionLink"href="#return-root"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The root certificate in PEM format.</p>
<ahref="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&labels=&template=bug_report.md"aria-role="button"target="_blank"rel="noopener external">Submit a bug report</a>
<ahref="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&labels=&template=feature_request.md"aria-role="button"target="_blank"rel="noopener external">Request a feature</a>
<ahref="acme_inspect_module.html"class="btn btn-neutral float-left"title="community.crypto.acme_inspect module – Send direct requests to an ACME server"accesskey="p"rel="prev"><spanclass="fa fa-arrow-circle-left"aria-hidden="true"></span> Previous</a>
