<linkrel="next"title="community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key"href="gpg_fingerprint_filter.html"/>
<linkrel="prev"title="community.crypto.x509_crl module – Generate Certificate Revocation Lists (CRLs)"href="x509_crl_module.html"/><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>
<bodyclass="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ulclass="current">
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_module.html">community.crypto.acme_account module – Create, modify or delete ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <codeclass="docutils literal notranslate"><spanclass="pre">tls-alpn-01</span></code></a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="certificate_complete_chain_module.html">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_module.html">community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key.</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_module.html">community.crypto.openssl_signature module – Sign data with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module – Verify signatures with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_module.html">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_filter.html">community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_filter.html">community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_filter.html">community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_lookup.html">community.crypto.gpg_fingerprint lookup – Retrieve a GPG fingerprint from a GPG public or private key file</a></li>
<liclass="breadcrumb-item active">community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)</li>
<liclass="wy-breadcrumbs-aside">
<!-- User defined GitHub URL -->
<ahref="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/x509_crl_info.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20–%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr"class="fa fa-github"> Edit on GitHub</a>
<h1>community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)<aclass="headerlink"href="#community-crypto-x509-crl-info-module-retrieve-information-on-certificate-revocation-lists-crls"title="Link to this heading"></a></h1>
<p>This module is part of the <aclass="reference external"href="https://galaxy.ansible.com/community/crypto">community.crypto collection</a> (version 2.16.0).</p>
You need further requirements to be able to use this module,
see <aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-requirements"><spanclass="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <codeclass="code docutils literal notranslate"><spanclass="pre">community.crypto.x509_crl_info</span></code>.</p>
</div>
<pclass="ansible-version-added">New in community.crypto 1.0.0</p>
<spanid="ansible-collections-community-crypto-x509-crl-info-module-requirements"></span><h2><aclass="toc-backref"href="#id2"role="doc-backlink">Requirements</a><aclass="headerlink"href="#requirements"title="Link to this heading"></a></h2>
<li><p>If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> is set to another value than <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code>, the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> needs to be installed.</p></li>
<aclass="ansibleOptionLink"href="#parameter-content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-path"><spanclass="std std-ref"><spanclass="pre">path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-content"><spanclass="std std-ref"><spanclass="pre">content</span></span></a></strong></code> must be specified, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-list_revoked_certificates"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<p><spanclass="ansible-option-versionadded">added in community.crypto 1.7.0</span></p>
<td><divclass="ansible-option-cell"><p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">false</span></code>, the list of revoked certificates is not included in the result.</p>
<p>This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again.</p>
<aclass="ansibleOptionLink"href="#parameter-name_encoding"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>How to encode names (DNS names, URIs, email addresses) in return values.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code> will use the encoding returned by the backend.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.</p>
<p><strong>Note</strong> that <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> and <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> require the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> to be installed.</p>
<aclass="ansibleOptionLink"href="#parameter-path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Remote absolute path where the generated CRL file should be created or is already located.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-path"><spanclass="std std-ref"><spanclass="pre">path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-content"><spanclass="std std-ref"><spanclass="pre">content</span></span></a></strong></code> must be specified, but not both.</p>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
<li><p>All timestamp values are provided in ASN.1 TIME format, in other words, following the <codeclass="docutils literal notranslate"><spanclass="pre">YYYYMMDDHHMMSSZ</span></code> pattern. They are all in UTC.</p></li>
<dt><aclass="reference internal"href="x509_crl_info_filter.html#ansible-collections-community-crypto-x509-crl-info-filter"><spanclass="std std-ref">community.crypto.x509_crl_info</span></a> filter plugin</dt><dd><p>A filter variant of this module.</p>
<divclass="highlight-yaml+jinja notranslate"><divclass="highlight"><pre><span></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Get information on CRL</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Get information on CRL without list of revoked certificates</span>
<h2><aclass="toc-backref"href="#id8"role="doc-backlink">Return Values</a><aclass="headerlink"href="#return-values"title="Link to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-digest"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The signature algorithm used to sign the CRL.</p>
<aclass="ansibleOptionLink"href="#return-format"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Whether the CRL is in PEM format (<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">pem</span></code>) or in DER format (<codeclass="ansible-value docutils literal notranslate"><spanclass="pre">der</span></code>).</p>
<aclass="ansibleOptionLink"href="#return-issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-issuer_ordered"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=list</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The CRL’s issuer as an ordered list of tuples.</p>
<aclass="ansibleOptionLink"href="#return-last_update"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which this CRL can be trusted as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-next_update"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The point in time from which a new CRL will be issued and the client has to check for it as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>List of certificates to be revoked.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/invalidity_date"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time it was known/suspected that the private key was compromised
or that the certificate otherwise became invalid as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/invalidity_date_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the invalidity date extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-crl-info-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/issuer_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the certificate issuer extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/reason"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The value for the revocation reason extension.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/reason_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the revocation reason extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/revocation_date"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The point in time the certificate was revoked as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-revoked_certificates/serial_number"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Serial number of the certificate.</p>
<ahref="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&labels=&template=bug_report.md"aria-role="button"target="_blank"rel="noopener external">Submit a bug report</a>
<ahref="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&labels=&template=feature_request.md"aria-role="button"target="_blank"rel="noopener external">Request a feature</a>
<ahref="gpg_fingerprint_filter.html"class="btn btn-neutral float-right"title="community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key"accesskey="n"rel="next">Next <spanclass="fa fa-arrow-circle-right"aria-hidden="true"></span></a>
