</head>
<body class="wy-body-for-nav">
</ul>
<h1>community.crypto.x509_crl module – Generate Certificate Revocation Lists (CRLs)</h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.23.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>You need further requirements to be able to use this module,
see <a class="reference internal" href="#ansible-collections-community-crypto-x509-crl-module-requirements"><span class="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">community.crypto.x509_crl</span></code>.</p>
</div>
<p class="ansible-version-added">New in community.crypto 1.0.0</p>
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a></h2>
<ul class="simple">
<li><p>This module allows one to (re)generate or update Certificate Revocation Lists (CRLs).</p></li>
<li><p>Certificates on the revocation list can be either specified by serial number and (optionally) their issuer, or as a path to a certificate file in PEM format.</p></li>
</ul>
</section>
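<p>The play below is an added example, not taken from the module's documentation or from the community.crypto project. It shows the two ways of naming a revoked certificate described in the synopsis, together with the <code class="docutils literal notranslate"><span class="pre">crl_mode</span></code>, relative timestamp and <code class="docutils literal notranslate"><span class="pre">ignore_timestamps</span></code> options from the parameter list. The inventory group, file paths, CA name, serial number and the <code class="docutils literal notranslate"><span class="pre">crl_force_refresh</span></code> variable are constructed placeholders.</p>

```yaml
# Added example. All paths, names and the serial number are constructed.
- name: Maintain the CRL of a small CA
  hosts: ca_host                      # hypothetical inventory group
  become: true
  tasks:
    - name: Add revocations without dropping entries already in the CRL
      community.crypto.x509_crl:
        path: /etc/pki/example-ca/example-ca.crl
        privatekey_path: /etc/pki/example-ca/private/ca.key
        issuer:
          CN: Example CA

        # update: entries already present in the CRL file are carried over.
        # generate (the default): the CRL contains exactly the list below,
        # so an entry missing from the list disappears from the CRL.
        # In community.crypto 2.x the name "mode" is the deprecated alias of
        # crl_mode, not the file permission mode.
        crl_mode: update

        # Relative times are evaluated on every run and are always UTC.
        # Without ignore_timestamps each run would therefore rewrite the CRL.
        last_update: "+0s"
        next_update: "+7d"
        ignore_timestamps: true

        # Consequence of ignore_timestamps: while the revocation list is
        # unchanged the file is left alone, so next_update is not moved
        # forward. Run the play with -e crl_force_refresh=true from a
        # scheduler before next_update passes to re-sign the CRL.
        force: "{{ crl_force_refresh | default(false) }}"

        # Keep a timestamped copy of the previous CRL.
        backup: true

        revoked_certificates:
          # Revoked certificate named by its serial number.
          - serial_number: 4660
            revocation_date: "+0s"
          # Revoked certificate named by a PEM file on the target host.
          - path: /etc/pki/example-ca/revoked/host1.pem
            revocation_date: "+0s"
      register: crl_result

    - name: Report whether the CRL file was rewritten
      ansible.builtin.debug:
        var: crl_result.changed
```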
<section id="requirements">
<span id="ansible-collections-community-crypto-x509-crl-module-requirements"></span><h2><a class="toc-backref" href="#id2" role="doc-backlink">Requirements</a></h2>
<p>The requirements below are needed on the host that executes this module.</p>
<ul class="simple">
<li><p>If <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-x509-crl-module-parameter-name-encoding"><span class="std std-ref"><span class="pre">name_encoding</span></span></a></strong></code> is set to a value other than <code class="ansible-value docutils literal notranslate"><span class="pre">ignore</span></code>, the <a class="reference external" href="https://pypi.org/project/idna/">idna Python library</a> needs to be installed.</p></li>
<li><p>cryptography >= 1.2</p></li>
</ul>
</section>
<section id="parameters">
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Parameters</a></h2>
<aclass="ansibleOptionLink"href="#parameter-attributes"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-aliases">aliases: attr</span></p>
<td><divclass="ansible-option-cell"><p>The attributes the resulting filesystem object should have.</p>
<p>To get supported flags look at the man page for <codeclass="docutils literal notranslate"><spanclass="pre">chattr</span></code> on the target system.</p>
<p>This string should contain the attributes in the same order as the one displayed by <codeclass="docutils literal notranslate"><spanclass="pre">lsattr</span></code>.</p>
<p>The <codeclass="docutils literal notranslate"><spanclass="pre">=</span></code> operator is assumed as default, otherwise <codeclass="docutils literal notranslate"><spanclass="pre">+</span></code> or <codeclass="docutils literal notranslate"><spanclass="pre">-</span></code> operators need to be included in the string.</p>
<aclass="ansibleOptionLink"href="#parameter-backup"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Create a backup file including a timestamp so you can get the original CRL back if you overwrote it with a new one by accident.</p>
<aclass="ansibleOptionLink"href="#parameter-crl_mode"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.13.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Defines how to process entries of existing CRLs.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">generate</span></code>, makes sure that the CRL has the exact set of revoked certificates as specified in <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates"><spanclass="std std-ref"><spanclass="pre">revoked_certificates</span></span></a></strong></code>.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">update</span></code>, makes sure that the CRL contains the revoked certificates from <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates"><spanclass="std std-ref"><spanclass="pre">revoked_certificates</span></span></a></strong></code>, but can also contain other revoked certificates. If the CRL file already exists, all entries from the existing CRL will also be included in the new CRL. When using <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">update</span></code>, you might be interested in setting <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<p>The default value is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">generate</span></code>.</p>
<p>This parameter was called <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> before community.crypto 2.13.0. It has been renamed to avoid a collision with the common <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> parameter for setting the CRL file’s access mode.</p>
<aclass="ansibleOptionLink"href="#parameter-digest"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Digest algorithm to be used when signing the CRL.</p>
<aclass="ansibleOptionLink"href="#parameter-force"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Whether regeneration of the CRL should be forced.</p>
<aclass="ansibleOptionLink"href="#parameter-format"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the CRL file should be in PEM or DER format.</p>
<p>If an existing CRL file matches everything except <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-x509-crl-module-parameter-format"><span class="std std-ref"><span class="pre">format</span></span></a></strong></code>, it will be converted to the correct format instead of being regenerated.</p>
<aclass="ansibleOptionLink"href="#parameter-group"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Name of the group that should own the filesystem object, as would be fed to <codeclass="docutils literal notranslate"><spanclass="pre">chown</span></code>.</p>
<p>When left unspecified, it uses the current group of the current user unless you are root, in which case it can preserve the previous ownership.</p>
<aclass="ansibleOptionLink"href="#parameter-ignore_timestamps"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the timestamps <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-last-update"><spanclass="std std-ref"><spanclass="pre">last_update</span></span></a></strong></code>, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-next-update"><spanclass="std std-ref"><spanclass="pre">next_update</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-revocation-date"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].revocation_date</span></span></a></strong></code> should be ignored for idempotency checks. The timestamp <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-invalidity-date"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].invalidity_date</span></span></a></strong></code> will never be ignored.</p>
<p>Use this in combination with relative timestamps for these values to get idempotency.</p>
<aclass="ansibleOptionLink"href="#parameter-issuer"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Key/value pairs that will be present in the issuer name field of the CRL.</p>
<p>If you need to specify more than one value with the same key, use a list as value.</p>
<p>If the order of the components is important, use <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code>.</p>
<p>One of <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer"><spanclass="std std-ref"><spanclass="pre">issuer</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code> is required if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-issuer_ordered"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.0.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the issuer name field of the CRL.</p>
<p>If you want to specify more than one value with the same key in a row, you can use a list as value.</p>
<p>One of <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer"><spanclass="std std-ref"><spanclass="pre">issuer</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code> is required if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer"><spanclass="std std-ref"><spanclass="pre">issuer</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-last_update"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which this CRL can be trusted.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Time will always be interpreted as UTC.</p>
<p>Valid format is <code class="docutils literal notranslate"><span class="pre">[+-]timespec</span> <span class="pre">|</span> <span class="pre">ASN.1</span> <span class="pre">TIME</span></code> where timespec can be an integer + <code class="docutils literal notranslate"><span class="pre">[w</span> <span class="pre">|</span> <span class="pre">d</span> <span class="pre">|</span> <span class="pre">h</span> <span class="pre">|</span> <span class="pre">m</span> <span class="pre">|</span> <span class="pre">s]</span></code> (for example <code class="ansible-value docutils literal notranslate"><span class="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent, except when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-mode"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This parameter has been renamed to <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-crl-mode"><spanclass="std std-ref"><spanclass="pre">crl_mode</span></span></a></strong></code>. The old name <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> is now deprecated and will be removed in community.crypto 3.0.0. Replace usage of this parameter with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-crl-mode"><spanclass="std std-ref"><spanclass="pre">crl_mode</span></span></a></strong></code>.</p>
<p>Note that from community.crypto 3.0.0 on, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> will be used for the CRL file’s mode.</p>
<aclass="ansibleOptionLink"href="#parameter-name_encoding"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>How to encode names (DNS names, URIs, email addresses) in return values.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code> will use the encoding returned by the backend.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.</p>
<p><strong>Note</strong> that <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> and <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> require the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> to be installed.</p>
<aclass="ansibleOptionLink"href="#parameter-next_update"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The absolute latest point in time by which this <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer"><spanclass="std std-ref"><spanclass="pre">issuer</span></span></a></strong></code> is expected to have issued another CRL. Many clients will treat a CRL as expired once <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-next-update"><spanclass="std std-ref"><spanclass="pre">next_update</span></span></a></strong></code> occurs.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Time will always be interpreted as UTC.</p>
<p>Valid format is <code class="docutils literal notranslate"><span class="pre">[+-]timespec</span> <span class="pre">|</span> <span class="pre">ASN.1</span> <span class="pre">TIME</span></code> where timespec can be an integer + <code class="docutils literal notranslate"><span class="pre">[w</span> <span class="pre">|</span> <span class="pre">d</span> <span class="pre">|</span> <span class="pre">h</span> <span class="pre">|</span> <span class="pre">m</span> <span class="pre">|</span> <span class="pre">s]</span></code> (for example <code class="ansible-value docutils literal notranslate"><span class="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent, except when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<p>Required if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-owner"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Name of the user that should own the filesystem object, as would be fed to <codeclass="docutils literal notranslate"><spanclass="pre">chown</span></code>.</p>
<p>When left unspecified, it uses the current user unless you are root, in which case it can preserve the previous ownership.</p>
<p>Specifying a numeric username will be assumed to be a user ID and not a username. Avoid numeric usernames to avoid this confusion.</p>
<aclass="ansibleOptionLink"href="#parameter-path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span> / <spanclass="ansible-option-required">required</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Remote absolute path where the generated CRL file should be created or is already located.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The content of the CA’s private key to use when signing the CRL.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code> must be specified if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_passphrase"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The passphrase for the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code>.</p>
<p>This is required if the private key is password protected.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the CA’s private key to use when signing the CRL.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code> must be specified if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-return_content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>, will return the (current or generated) CRL’s content as <codeclass="ansible-return-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-return-crl"><spanclass="std std-ref"><spanclass="pre">crl</span></span></a></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>List of certificates to be revoked.</p>
<p>Required if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Content of a certificate in PEM format.</p>
<p>The serial number and issuer will be extracted from the certificate.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-path"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].path</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-serial-number"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].serial_number</span></span></a></strong></code>. One of these three options must be specified.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/invalidity_date"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Time will always be interpreted as UTC.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent. This will NOT change when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/invalidity_date_critical"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the invalidity date extension should be critical.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/issuer"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/issuer_critical"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the certificate issuer extension should be critical.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Path to a certificate in PEM format.</p>
<p>The serial number and issuer will be extracted from the certificate.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-content"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].content</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-serial-number"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].serial_number</span></span></a></strong></code>. One of these three options must be specified.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/reason"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The value for the revocation reason extension.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/reason_critical"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the revocation reason extension should be critical.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/revocation_date"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time the certificate was revoked.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Time will always be interpreted as UTC.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent, except when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/serial_number"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">any</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Serial number of the certificate.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-path"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].path</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-content"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].content</span></span></a></strong></code>. One of these three options must be specified.</p>
<p>This option accepts integers or hex octet strings, depending on the value of <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-serial-numbers"><spanclass="std std-ref"><spanclass="pre">serial_numbers</span></span></a></strong></code>.</p>
<p>If <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-serial-numbers"><spanclass="std std-ref"><spanclass="pre">serial_numbers=integer</span></span></a></code>, integers such as <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">66223</span></code> must be provided.</p>
<p>If <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-serial-numbers"><spanclass="std std-ref"><spanclass="pre">serial_numbers=hex-octets</span></span></a></code>, strings such as <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">01:02:AF</span></code> must be provided.</p>
<p>You can use the filters <aclass="reference internal"href="parse_serial_filter.html#ansible-collections-community-crypto-parse-serial-filter"><spanclass="std std-ref">community.crypto.parse_serial</span></a> and <aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a> to convert these two representations.</p>
<aclass="ansibleOptionLink"href="#parameter-selevel"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The level part of the SELinux filesystem object context.</p>
<p>This is the MLS/MCS attribute, sometimes known as the <codeclass="docutils literal notranslate"><spanclass="pre">range</span></code>.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">level</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-serial_numbers"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.18.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option determines which values will be accepted for <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-serial-number"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].serial_number</span></span></a></strong></code>.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">integer</span></code> (default), serial numbers are assumed to be integers, for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">66223</span></code>. (This example value is equivalent to the hex octet string <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">01:02:AF</span></code>).</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">hex-octets</span></code>, serial numbers are assumed to be colon-separated hex octet strings, for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">01:02:AF</span></code>. (This example value is equivalent to the integer <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">66223</span></code>).</p>
<aclass="ansibleOptionLink"href="#parameter-serole"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The role part of the SELinux filesystem object context.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">role</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-setype"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The type part of the SELinux filesystem object context.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">type</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-seuser"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The user part of the SELinux filesystem object context.</p>
<p>By default it uses the <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">system</span></code> policy, where applicable.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">user</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-state"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the CRL file should exist or not, taking action if the state is different from what is stated.</p>
<aclass="ansibleOptionLink"href="#parameter-unsafe_writes"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object.</p>
<p>By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.</p>
<p>This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn’t force Ansible to perform unsafe writes).</p>
<p>IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.</p>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
<p>The module is not idempotent if <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-force"><spanclass="std std-ref"><spanclass="pre">force=true</span></span></a></code>.</p>
<p>If relative timestamps are used and <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps=false</span></span></a></code> (default), the module is not idempotent.</p>
<td><divclass="ansible-option-cell"><p>When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.</p>
<td><divclass="ansible-option-cell"><p>Uses Ansible’s strict file operation functions to ensure proper permissions and avoid data corruption.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<sectionid="notes">
<h2><aclass="toc-backref"href="#id5"role="doc-backlink">Notes</a><aclass="headerlink"href="#notes"title="Link to this heading"></a></h2>
<divclass="admonition note">
<pclass="admonition-title">Note</p>
<ulclass="simple">
<li><p>All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.</p></li>
<li><p>Date specified should be UTC. Minutes and seconds are mandatory.</p></li>
</ul>
</div>
</section>
<sectionid="see-also">
<h2><aclass="toc-backref"href="#id6"role="doc-backlink">See Also</a><aclass="headerlink"href="#see-also"title="Link to this heading"></a></h2>
<divclass="admonition seealso">
<pclass="admonition-title">See also</p>
<dlclass="simple">
<dt><aclass="reference internal"href="parse_serial_filter.html#ansible-collections-community-crypto-parse-serial-filter"><spanclass="std std-ref">community.crypto.parse_serial</span></a> filter plugin</dt><dd><p>Convert a serial number as a colon-separated list of hex numbers to an integer.</p>
</dd>
<dt><aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a> filter plugin</dt><dd><p>Convert an integer to a colon-separated list of hex numbers.</p>
</dd>
</dl>
</div>
</section>
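<p>Added example (not part of the module or of its documentation): a Python pre-flight check for <code>revoked_certificates</code> entries. It converts serial numbers between the two <code>serial_numbers</code> representations, resolves <code>[+-]timespec</code> values to the YYYYMMDDHHMMSSZ form, and reports which timestamp fields would still make a run non-idempotent according to the option descriptions above. The function names, the strict w/d/h/m/s unit order and the sample entry are assumptions of this example; the module's own parser may accept more.</p>

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: a strict reading of "[+-]timespec" with units in w, d, h, m, s order.
_RELATIVE = re.compile(
    r"^(?P<sign>[+-])(?:(?P<weeks>\d+)w)?(?:(?P<days>\d+)d)?"
    r"(?:(?P<hours>\d+)h)?(?:(?P<minutes>\d+)m)?(?:(?P<seconds>\d+)s)?$"
)
_ASN1_TIME = re.compile(r"^\d{14}Z$")  # YYYYMMDDHHMMSSZ, minutes and seconds mandatory
_HEX_OCTETS = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*$")
_TIME_FIELDS = ("revocation_date", "invalidity_date")


def resolve_time(spec, now):
    """Return (utc_datetime, is_relative) for a relative timespec or an ASN.1 TIME."""
    match = _RELATIVE.match(spec)
    if match and len(spec) > 1:  # a bare "+" or "-" carries no duration
        parts = {k: int(v) for k, v in match.groupdict().items() if k != "sign" and v}
        delta = timedelta(**parts)
        return (now + delta if match["sign"] == "+" else now - delta), True
    if _ASN1_TIME.match(spec):
        parsed = datetime.strptime(spec, "%Y%m%d%H%M%SZ")  # rejects impossible dates
        return parsed.replace(tzinfo=timezone.utc), False
    raise ValueError(f"not a relative timespec or ASN.1 TIME: {spec!r}")


def serial_to_int(value, serial_numbers="integer"):
    """Validate a serial against the chosen representation and return it as an integer."""
    if serial_numbers == "integer":
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"serial_numbers=integer needs a non-negative int: {value!r}")
        return value
    if serial_numbers == "hex-octets":
        if not isinstance(value, str) or not _HEX_OCTETS.match(value):
            raise ValueError(f"serial_numbers=hex-octets needs e.g. '01:02:AF': {value!r}")
        return int(value.replace(":", ""), 16)
    raise ValueError("serial_numbers must be 'integer' or 'hex-octets'")


def int_to_hex_octets(number):
    """Render an integer serial as colon-separated upper-case hex octets."""
    if number < 0:
        raise ValueError("serial numbers are non-negative")
    digits = f"{number:X}"
    digits = digits.zfill(len(digits) + len(digits) % 2)  # pad to whole octets
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


def pin_entry(entry, now, serial_numbers="integer", ignore_timestamps=False):
    """Return (pinned_entry, drifting_fields).

    pinned_entry carries an integer serial and absolute ASN.1 TIME values.
    drifting_fields lists the relative timestamps that keep a run non-idempotent:
    per the option descriptions, ignore_timestamps=true covers revocation_date
    but not invalidity_date.
    """
    pinned = dict(entry)
    if "serial_number" in entry:
        pinned["serial_number"] = serial_to_int(entry["serial_number"], serial_numbers)
    drifting = []
    for field in _TIME_FIELDS:
        if field not in entry:
            continue
        when, relative = resolve_time(entry[field], now)
        pinned[field] = when.strftime("%Y%m%d%H%M%SZ")
        if relative and not (ignore_timestamps and field == "revocation_date"):
            drifting.append(field)
    return pinned, drifting


if __name__ == "__main__":
    # Constructed sample entry, not taken from a real CA.
    sample = {"serial_number": "01:02:AF", "revocation_date": "-1d",
              "invalidity_date": "-2d", "reason": "key_compromise"}
    pinned, drifting = pin_entry(sample, datetime.now(timezone.utc),
                                 serial_numbers="hex-octets", ignore_timestamps=True)
    print(pinned)
    print("still relative, run will report changes:", drifting)
    print("hex form:", int_to_hex_octets(pinned["serial_number"]))
```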
<sectionid="examples">
<h2><aclass="toc-backref"href="#id7"role="doc-backlink">Examples</a><aclass="headerlink"href="#examples"title="Link to this heading"></a></h2>
<divclass="highlight-yaml+jinja notranslate"><divclass="highlight"><pre><span></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Generate a CRL</span>
</pre></div>
</div>
<h2><aclass="toc-backref"href="#id8"role="doc-backlink">Return Values</a><aclass="headerlink"href="#return-values"title="Link to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-backup_file"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Name of backup file created.</p>
<pclass="ansible-option-line"><strongclass="ansible-option-returned-bold">Returned:</strong> changed and if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-backup"><spanclass="std std-ref"><spanclass="pre">backup</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code></p>
<aclass="ansibleOptionLink"href="#return-crl"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The (current or generated) CRL’s content.</p>
<p>Will be the CRL itself if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-format"><spanclass="std std-ref"><spanclass="pre">format</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">pem</span></code>, and Base64 of the CRL if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-format"><spanclass="std std-ref"><spanclass="pre">format</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">der</span></code>.</p>
<pclass="ansible-option-line"><strongclass="ansible-option-returned-bold">Returned:</strong> if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-return-content"><spanclass="std std-ref"><spanclass="pre">return_content</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code></p>
<aclass="ansibleOptionLink"href="#return-digest"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The signature algorithm used to sign the CRL.</p>
<aclass="ansibleOptionLink"href="#return-filename"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the generated CRL.</p>
<pclass="ansible-option-line"><strongclass="ansible-option-returned-bold">Returned:</strong> changed or success</p>
<aclass="ansibleOptionLink"href="#return-format"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the CRL is in PEM format (<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">pem</span></code>) or in DER format (<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">der</span></code>).</p>
<aclass="ansibleOptionLink"href="#return-issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<p>Note that for repeated values, only the last one will be returned.</p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-issuer_ordered"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=list</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The CRL’s issuer as an ordered list of tuples.</p>
<aclass="ansibleOptionLink"href="#return-last_update"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which this CRL can be trusted as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-next_update"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-privatekey"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the private CA key.</p>
<pclass="ansible-option-line"><strongclass="ansible-option-returned-bold">Returned:</strong> changed or success</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>List of certificates to be revoked.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/invalidity_date"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time it was known/suspected that the private key was compromised
or that the certificate otherwise became invalid as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/invalidity_date_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the invalidity date extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/issuer_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the certificate issuer extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/reason"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The value for the revocation reason extension.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/reason_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the revocation reason extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/revocation_date"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time the certificate was revoked as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/serial_number"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Serial number of the certificate.</p>
<p>This return value is an <strong>integer</strong>. If you need the serial numbers as a colon-separated hex string, such as <codeclass="docutils literal notranslate"><spanclass="pre">11:22:33</span></code>, you need to convert it to that form with <aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a>.</p>