<linkrel="next"title="community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)"href="x509_crl_info_module.html"/>
<linkrel="prev"title="community.crypto.x509_certificate_pipe module – Generate and/or check OpenSSL certificates"href="x509_certificate_pipe_module.html"/><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>
<bodyclass="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ulclass="current">
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_module.html">community.crypto.acme_account module – Create, modify or delete ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_create_module.html">community.crypto.acme_certificate_order_create module – Create an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_finalize_module.html">community.crypto.acme_certificate_order_finalize module – Finalize an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_info_module.html">community.crypto.acme_certificate_order_info module – Obtain information for an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_order_validate_module.html">community.crypto.acme_certificate_order_validate module – Validate authorizations of an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <codeclass="docutils literal notranslate"><spanclass="pre">tls-alpn-01</span></code></a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="certificate_complete_chain_module.html">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_module.html">community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_module.html">community.crypto.openssl_signature module – Sign data with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module – Verify signatures with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_module.html">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_filter.html">community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_filter.html">community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_filter.html">community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="parse_serial_filter.html">community.crypto.parse_serial filter – Convert a serial number as a colon-separated list of hex numbers to an integer</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="to_serial_filter.html">community.crypto.to_serial filter – Convert an integer to a colon-separated list of hex numbers</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_lookup.html">community.crypto.gpg_fingerprint lookup – Retrieve a GPG fingerprint from a GPG public or private key file</a></li>
<ahref="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/x509_crl.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20–%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr"class="fa fa-github"> Edit on GitHub</a>
<p>This module is part of the <aclass="reference external"href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.24.0).</p>
<p>It is not included in <codeclass="docutils literal notranslate"><spanclass="pre">ansible-core</span></code>.
To check whether it is installed, run <codeclass="code docutils literal notranslate"><spanclass="pre">ansible-galaxy</span><spanclass="pre">collection</span><spanclass="pre">list</span></code>.</p>
You need further requirements to be able to use this module,
see <aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-requirements"><spanclass="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <codeclass="code docutils literal notranslate"><spanclass="pre">community.crypto.x509_crl</span></code>.</p>
</div>
<pclass="ansible-version-added">New in community.crypto 1.0.0</p>
<li><p>This module allows one to (re)generate or update Certificate Revocation Lists (CRLs).</p></li>
<li><p>Certificates on the revocation list can be either specified by serial number and (optionally) their issuer, or as a path to a certificate file in PEM format.</p></li>
<spanid="ansible-collections-community-crypto-x509-crl-module-requirements"></span><h2><aclass="toc-backref"href="#id2"role="doc-backlink">Requirements</a><aclass="headerlink"href="#requirements"title="Link to this heading"></a></h2>
<li><p>If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> is set to another value than <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code>, the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> needs to be installed.</p></li>
<aclass="ansibleOptionLink"href="#parameter-attributes"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-aliases">aliases: attr</span></p>
<p>To get supported flags look at the man page for <codeclass="docutils literal notranslate"><spanclass="pre">chattr</span></code> on the target system.</p>
<p>This string should contain the attributes in the same order as the one displayed by <codeclass="docutils literal notranslate"><spanclass="pre">lsattr</span></code>.</p>
<p>The <codeclass="docutils literal notranslate"><spanclass="pre">=</span></code> operator is assumed as default, otherwise <codeclass="docutils literal notranslate"><spanclass="pre">+</span></code> or <codeclass="docutils literal notranslate"><spanclass="pre">-</span></code> operators need to be included in the string.</p>
<aclass="ansibleOptionLink"href="#parameter-backup"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Create a backup file including a timestamp so you can get the original CRL back if you overwrote it with a new one by accident.</p>
<aclass="ansibleOptionLink"href="#parameter-crl_mode"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">generate</span></code>, makes sure that the CRL has the exact set of revoked certificates as specified in <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates"><spanclass="std std-ref"><spanclass="pre">revoked_certificates</span></span></a></strong></code>.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">update</span></code>, makes sure that the CRL contains the revoked certificates from <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates"><spanclass="std std-ref"><spanclass="pre">revoked_certificates</span></span></a></strong></code>, but can also contain other revoked certificates. If the CRL file already exists, all entries from the existing CRL will also be included in the new CRL. When using <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">update</span></code>, you might be interested in setting <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<p>The default value is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">generate</span></code>.</p>
<p>This parameter was called <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> before community.crypto 2.13.0. It has been renamed to avoid a collision with the common <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> parameter for setting the CRL file’s access mode.</p>
<aclass="ansibleOptionLink"href="#parameter-digest"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Digest algorithm to be used when signing the CRL.</p>
<aclass="ansibleOptionLink"href="#parameter-force"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Should the CRL be forced to be regenerated.</p>
<aclass="ansibleOptionLink"href="#parameter-format"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the CRL file should be in PEM or DER format.</p>
<p>If an existing CRL file does match everything but <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-format"><spanclass="std std-ref"><spanclass="pre">format</span></span></a></strong></code>, it will be converted to the correct format instead of regenerated.</p>
<aclass="ansibleOptionLink"href="#parameter-group"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Name of the group that should own the filesystem object, as would be fed to <codeclass="docutils literal notranslate"><spanclass="pre">chown</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-ignore_timestamps"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<td><divclass="ansible-option-cell"><p>Whether the timestamps <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-last-update"><spanclass="std std-ref"><spanclass="pre">last_update</span></span></a></strong></code>, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-next-update"><spanclass="std std-ref"><spanclass="pre">next_update</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-revocation-date"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].revocation_date</span></span></a></strong></code> should be ignored for idempotency checks. The timestamp <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-invalidity-date"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].invalidity_date</span></span></a></strong></code> will never be ignored.</p>
<aclass="ansibleOptionLink"href="#parameter-issuer"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Key/value pairs that will be present in the issuer name field of the CRL.</p>
<p>If you need to specify more than one value with the same key, use a list as value.</p>
<p>If the order of the components is important, use <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code>.</p>
<p>One of <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer"><spanclass="std std-ref"><spanclass="pre">issuer</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code> is required if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer-ordered"><spanclass="std std-ref"><spanclass="pre">issuer_ordered</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-issuer_ordered"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
<td><divclass="ansible-option-cell"><p>A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the issuer name field of the CRL.</p>
<p>If you want to specify more than one value with the same key in a row, you can use a list as value.</p>
<aclass="ansibleOptionLink"href="#parameter-last_update"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which this CRL can be trusted.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent, except when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-mode"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>This parameter has been renamed to <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-crl-mode"><spanclass="std std-ref"><spanclass="pre">crl_mode</span></span></a></strong></code>. The old name <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> is now deprecated and will be removed in community.crypto 3.0.0. Replace usage of this parameter with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-crl-mode"><spanclass="std std-ref"><spanclass="pre">crl_mode</span></span></a></strong></code>.</p>
<p>Note that from community.crypto 3.0.0 on, <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-mode"><spanclass="std std-ref"><spanclass="pre">mode</span></span></a></strong></code> will be used for the CRL file’s mode.</p>
<aclass="ansibleOptionLink"href="#parameter-name_encoding"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>How to encode names (DNS names, URIs, email addresses) in return values.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code> will use the encoding returned by the backend.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.</p>
<p><strong>Note</strong> that <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> and <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> require the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> to be installed.</p>
<aclass="ansibleOptionLink"href="#parameter-next_update"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>The absolute latest point in time by which this <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-issuer"><spanclass="std std-ref"><spanclass="pre">issuer</span></span></a></strong></code> is expected to have issued another CRL. Many clients will treat a CRL as expired once <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-next-update"><spanclass="std std-ref"><spanclass="pre">next_update</span></span></a></strong></code> occurs.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent, except when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<p>Required if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-owner"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Name of the user that should own the filesystem object, as would be fed to <codeclass="docutils literal notranslate"><spanclass="pre">chown</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span> / <spanclass="ansible-option-required">required</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Remote absolute path where the generated CRL file should be created or is already located.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The content of the CA’s private key to use when signing the CRL.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code> must be specified if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_passphrase"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>The passphrase for the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-privatekey_path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the CA’s private key to use when signing the CRL.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-path"><spanclass="std std-ref"><spanclass="pre">privatekey_path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-privatekey-content"><spanclass="std std-ref"><spanclass="pre">privatekey_content</span></span></a></strong></code> must be specified if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-state"><spanclass="std std-ref"><spanclass="pre">state</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">present</span></code>, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-return_content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<td><divclass="ansible-option-cell"><p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>, will return the (current or generated) CRL’s content as <codeclass="ansible-return-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-return-crl"><spanclass="std std-ref"><spanclass="pre">crl</span></span></a></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>List of certificates to be revoked.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Content of a certificate in PEM format.</p>
<p>The serial number and issuer will be extracted from the certificate.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-path"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].path</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-serial-number"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].serial_number</span></span></a></strong></code>. One of these three options must be specified.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/invalidity_date"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent. This will NOT change when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/invalidity_date_critical"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the invalidity date extension should be critical.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/issuer"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/issuer_critical"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the certificate issuer extension should be critical.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Path to a certificate in PEM format.</p>
<p>The serial number and issuer will be extracted from the certificate.</p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-content"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].content</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-serial-number"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].serial_number</span></span></a></strong></code>. One of these three options must be specified.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/reason"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The value for the revocation reason extension.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/reason_critical"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the revocation reason extension should be critical.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/revocation_date"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time the certificate was revoked.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>).</p>
<p>Note that if using relative time this module is NOT idempotent, except when <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps</span></span></a></strong></code> is set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code>.</p>
<aclass="ansibleOptionLink"href="#parameter-revoked_certificates/serial_number"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">any</span></p>
<p>Mutually exclusive with <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-path"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].path</span></span></a></strong></code> and <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-content"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].content</span></span></a></strong></code>. One of these three options must be specified.</p>
<p>This option accepts integers or hex octet strings, depending on the value of <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-serial-numbers"><spanclass="std std-ref"><spanclass="pre">serial_numbers</span></span></a></strong></code>.</p>
<p>If <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-serial-numbers"><spanclass="std std-ref"><spanclass="pre">serial_numbers=integer</span></span></a></code>, integers such as <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">66223</span></code> must be provided.</p>
<p>If <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-serial-numbers"><spanclass="std std-ref"><spanclass="pre">serial_numbers=hex-octets</span></span></a></code>, strings such as <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">01:02:AF</span></code> must be provided.</p>
<p>You can use the filters <aclass="reference internal"href="parse_serial_filter.html#ansible-collections-community-crypto-parse-serial-filter"><spanclass="std std-ref">community.crypto.parse_serial</span></a> and <aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a> to convert these two representations.</p>
<aclass="ansibleOptionLink"href="#parameter-selevel"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The level part of the SELinux filesystem object context.</p>
<p>This is the MLS/MCS attribute, sometimes known as the <codeclass="docutils literal notranslate"><spanclass="pre">range</span></code>.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">level</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-serial_numbers"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p><emclass="ansible-option-versionadded">added in community.crypto 2.18.0</em></p>
</div></td>
<td><divclass="ansible-option-cell"><p>This option determines which values will be accepted for <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-revoked-certificates-serial-number"><spanclass="std std-ref"><spanclass="pre">revoked_certificates[].serial_number</span></span></a></strong></code>.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">integer</span></code> (default), serial numbers are assumed to be integers, for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">66223</span></code>. (This example value is equivalent to the hex octet string <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">01:02:AF</span></code>).</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">hex-octets</span></code>, serial numbers are assumed to be colon-separated hex octet strings, for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">01:02:AF</span></code>. (This example value is equivalent to the integer <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">66223</span></code>).</p>
<aclass="ansibleOptionLink"href="#parameter-serole"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The role part of the SELinux filesystem object context.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">role</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-setype"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The type part of the SELinux filesystem object context.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">type</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-seuser"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The user part of the SELinux filesystem object context.</p>
<p>By default it uses the <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">system</span></code> policy, where applicable.</p>
<p>When set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">_default</span></code>, it will use the <codeclass="docutils literal notranslate"><spanclass="pre">user</span></code> portion of the policy if available.</p>
<aclass="ansibleOptionLink"href="#parameter-state"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the CRL file should exist or not, taking action if the state is different from what is stated.</p>
<aclass="ansibleOptionLink"href="#parameter-unsafe_writes"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object.</p>
<p>By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.</p>
<p>This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn’t force Ansible to perform unsafe writes).</p>
<p>IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.</p>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
<p>The module is not idempotent if <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-force"><spanclass="std std-ref"><spanclass="pre">force=true</span></span></a></code>.</p>
<p>If relative timestamps and <codeclass="ansible-option-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-ignore-timestamps"><spanclass="std std-ref"><spanclass="pre">ignore_timestamps=false</span></span></a></code> (default), the module is not idempotent.</p>
</div></td>
<td><divclass="ansible-option-cell"><p>When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.</p>
<p>This assumes that the system controlled/queried by the module has not changed in a relevant way.</p>
<h2><aclass="toc-backref"href="#id6"role="doc-backlink">See Also</a><aclass="headerlink"href="#see-also"title="Link to this heading"></a></h2>
<divclass="admonition seealso">
<pclass="admonition-title">See also</p>
<dlclass="simple">
<dt><aclass="reference internal"href="parse_serial_filter.html#ansible-collections-community-crypto-parse-serial-filter"><spanclass="std std-ref">community.crypto.parse_serial</span></a> filter plugin</dt><dd><p>Convert a serial number as a colon-separated list of hex numbers to an integer.</p>
</dd>
<dt><aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a> filter plugin</dt><dd><p>Convert an integer to a colon-separated list of hex numbers.</p>
<h2><aclass="toc-backref"href="#id8"role="doc-backlink">Return Values</a><aclass="headerlink"href="#return-values"title="Link to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-backup_file"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Name of backup file created.</p>
<pclass="ansible-option-line"><strongclass="ansible-option-returned-bold">Returned:</strong> changed and if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-backup"><spanclass="std std-ref"><spanclass="pre">backup</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code></p>
<aclass="ansibleOptionLink"href="#return-crl"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The (current or generated) CRL’s content.</p>
<p>Will be the CRL itself if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-format"><spanclass="std std-ref"><spanclass="pre">format</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">pem</span></code>, and Base64 of the CRL if <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-format"><spanclass="std std-ref"><spanclass="pre">format</span></span></a></strong></code> is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">der</span></code>.</p>
<aclass="ansibleOptionLink"href="#return-digest"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The signature algorithm used to sign the CRL.</p>
<aclass="ansibleOptionLink"href="#return-filename"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the generated CRL.</p>
<aclass="ansibleOptionLink"href="#return-format"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Whether the CRL is in PEM format (<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">pem</span></code>) or in DER format (<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">der</span></code>).</p>
<aclass="ansibleOptionLink"href="#return-issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-issuer_ordered"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=list</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The CRL’s issuer as an ordered list of tuples.</p>
<aclass="ansibleOptionLink"href="#return-last_update"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which this CRL can be trusted as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-next_update"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-privatekey"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Path to the private CA key.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>List of certificates to be revoked.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/invalidity_date"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time it was known/suspected that the private key was compromised
or that the certificate otherwise became invalid as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/invalidity_date_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the invalidity date extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/issuer_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the certificate issuer extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/reason"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The value for the revocation reason extension.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/reason_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the revocation reason extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/revocation_date"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time the certificate was revoked as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/serial_number"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Serial number of the certificate.</p>
<p>This return value is an <strong>integer</strong>. If you need the serial numbers as a colon-separated hex string, such as <codeclass="docutils literal notranslate"><spanclass="pre">11:22:33</span></code>, you need to convert it to that form with <aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a>.</p>
<li><span><aaria-role="button"class="ansible-link reference external"href="https://forum.ansible.com/tags/c/help/6/none/crypto"rel="noopener external"target="_blank">Ask for help (crypto)</a></span></li>
<li><span><aaria-role="button"class="ansible-link reference external"href="https://forum.ansible.com/tags/c/help/6/none/acme"rel="noopener external"target="_blank">Ask for help (ACME)</a></span></li>
