<title>community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates — Community.Crypto Collection documentation</title>
<linkrel="prev"title="community.crypto.x509_certificate_convert module – Convert X.509 certificates"href="x509_certificate_convert_module.html"/><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ulclass="current">
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_module.html">community.crypto.acme_account module – Create, modify or delete ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <codeclass="docutils literal notranslate"><spanclass="pre">tls-alpn-01</span></code></a></li>
<liclass="toctree-l1"><aclass="reference internal"href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="certificate_complete_chain_module.html">community.crypto.certificate_complete_chain module – Complete certificate chain given a set of untrusted and root certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_module.html">community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_module.html">community.crypto.openssl_signature module – Sign data with openssl</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module – Verify signatures with openssl</a></li>
<liclass="toctree-l1 current"><aclass="current reference internal"href="#">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</a><ul>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_filter.html">community.crypto.gpg_fingerprint filter – Retrieve a GPG fingerprint from a GPG public or private key</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_privatekey_info_filter.html">community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="openssl_publickey_info_filter.html">community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="parse_serial_filter.html">community.crypto.parse_serial filter – Convert a serial number as a colon-separated list of hex numbers to an integer</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="to_serial_filter.html">community.crypto.to_serial filter – Convert an integer to a colon-separated list of hex numbers</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="gpg_fingerprint_lookup.html">community.crypto.gpg_fingerprint lookup – Retrieve a GPG fingerprint from a GPG public or private key file</a></li>
<liclass="breadcrumb-item active">community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates</li>
<liclass="wy-breadcrumbs-aside">
<!-- User defined GitHub URL -->
<ahref="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/x509_certificate_info.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20–%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr"class="fa fa-github"> Edit on GitHub</a>
<h1>community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates<aclass="headerlink"href="#community-crypto-x509-certificate-info-module-provide-information-of-openssl-x-509-certificates"title="Link to this heading"></a></h1>
<p>This module is part of the <aclass="reference external"href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.24.0).</p>
<p>It is not included in <codeclass="docutils literal notranslate"><spanclass="pre">ansible-core</span></code>.
To check whether it is installed, run <codeclass="code docutils literal notranslate"><spanclass="pre">ansible-galaxy</span><spanclass="pre">collection</span><spanclass="pre">list</span></code>.</p>
You need further requirements to be able to use this module,
see <aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-requirements"><spanclass="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <codeclass="code docutils literal notranslate"><spanclass="pre">community.crypto.x509_certificate_info</span></code>.</p>
<li><p>Note that this module was called <codeclass="docutils literal notranslate"><spanclass="pre">openssl_certificate_info</span></code> when included directly in Ansible up to version 2.9. When moved to the collection <codeclass="docutils literal notranslate"><spanclass="pre">community.crypto</span></code>, it was renamed to <aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module"><spanclass="std std-ref">community.crypto.x509_certificate_info</span></a>. From Ansible 2.10 on, it can still be used by the old short name (or by <codeclass="docutils literal notranslate"><spanclass="pre">ansible.builtin.openssl_certificate_info</span></code>), which redirects to <aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module"><spanclass="std std-ref">community.crypto.x509_certificate_info</span></a>. When using FQCNs or when using the <aclass="reference external"href="https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#using-collections-in-a-playbook">collections</a> keyword, the new name <aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module"><spanclass="std std-ref">community.crypto.x509_certificate_info</span></a> should be used to avoid a deprecation warning.</p></li>
<spanid="ansible-collections-community-crypto-x509-certificate-info-module-requirements"></span><h2><aclass="toc-backref"href="#id2"role="doc-backlink">Requirements</a><aclass="headerlink"href="#requirements"title="Link to this heading"></a></h2>
<li><p>If <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> is set to another value than <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code>, the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> needs to be installed.</p></li>
<aclass="ansibleOptionLink"href="#parameter-content"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-path"><spanclass="std std-ref"><spanclass="pre">path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-content"><spanclass="std std-ref"><spanclass="pre">content</span></span></a></strong></code> must be specified, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-name_encoding"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>How to encode names (DNS names, URIs, email addresses) in return values.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">ignore</span></code> will use the encoding returned by the backend.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.</p>
<p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.</p>
<p><strong>Note</strong> that <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">idna</span></code> and <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unicode</span></code> require the <aclass="reference external"href="https://pypi.org/project/idna/">idna Python library</a> to be installed.</p>
<aclass="ansibleOptionLink"href="#parameter-path"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">path</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Remote absolute path where the certificate file is loaded from.</p>
<p>Either <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-path"><spanclass="std std-ref"><spanclass="pre">path</span></span></a></strong></code> or <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-content"><spanclass="std std-ref"><spanclass="pre">content</span></span></a></strong></code> must be specified, but not both.</p>
<aclass="ansibleOptionLink"href="#parameter-select_crypto_backend"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Determines which crypto backend to use.</p>
<p>The default choice is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">auto</span></code>, which tries to use <codeclass="docutils literal notranslate"><spanclass="pre">cryptography</span></code> if available.</p>
<p>If set to <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">cryptography</span></code>, will try to use the <aclass="reference external"href="https://cryptography.io/">cryptography</a> library.</p>
<aclass="ansibleOptionLink"href="#parameter-valid_at"title="Permalink to this option"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<td><divclass="ansible-option-cell"><p>A dict of names mapping to time specifications. Every time specified here will be checked whether the certificate is valid at this point. See the <codeclass="ansible-return-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-return-valid-at"><spanclass="std std-ref"><spanclass="pre">valid_at</span></span></a></code> return value for information on the result.</p>
<p>Valid format is <codeclass="docutils literal notranslate"><spanclass="pre">[+-]timespec</span><spanclass="pre">|</span><spanclass="pre">ASN.1</span><spanclass="pre">TIME</span></code> where timespec can be an integer + <codeclass="docutils literal notranslate"><spanclass="pre">[w</span><spanclass="pre">|</span><spanclass="pre">d</span><spanclass="pre">|</span><spanclass="pre">h</span><spanclass="pre">|</span><spanclass="pre">m</span><spanclass="pre">|</span><spanclass="pre">s]</span></code> (for example <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">+32w1d2h</span></code>), and ASN.1 TIME (in other words, pattern <codeclass="docutils literal notranslate"><spanclass="pre">YYYYMMDDHHMMSSZ</span></code>). Note that all timestamps will be treated as being in UTC.</p>
<td><divclass="ansible-option-cell"><p>Can run in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><divclass="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <codeclass="docutils literal notranslate"><spanclass="pre">check_mode</span></code>), when in diff mode.</p>
<td><divclass="ansible-option-cell"><p>When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.</p>
<p>This assumes that the system controlled/queried by the module has not changed in a relevant way.</p>
<li><p>All timestamp values are provided in ASN.1 TIME format, in other words, following the <codeclass="docutils literal notranslate"><spanclass="pre">YYYYMMDDHHMMSSZ</span></code> pattern. They are all in UTC.</p></li>
<dt><aclass="reference internal"href="x509_certificate_info_filter.html#ansible-collections-community-crypto-x509-certificate-info-filter"><spanclass="std std-ref">community.crypto.x509_certificate_info</span></a> filter plugin</dt><dd><p>A filter variant of this module.</p>
<dt><aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a> filter plugin</dt><dd><p>Convert an integer to a colon-separated list of hex numbers.</p>
<divclass="highlight-yaml+jinja notranslate"><divclass="highlight"><pre><span></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Generate a Self Signed OpenSSL certificate</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Get information on generated certificate</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Test whether that certificate is valid tomorrow and/or in three weeks</span>
<spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="nt">name</span><spanclass="p">:</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">Validate that certificate is valid tomorrow, but not in three weeks</span>
<spanclass="w"></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">result.valid_at.point_1</span><spanclass="w"></span><spanclass="c1"># valid in one day</span>
<spanclass="w"></span><spanclass="p p-Indicator">-</span><spanclass="w"></span><spanclass="l l-Scalar l-Scalar-Plain">not result.valid_at.point_2</span><spanclass="w"></span><spanclass="c1"># not valid in three weeks</span>
<h2><aclass="toc-backref"href="#id8"role="doc-backlink">Return Values</a><aclass="headerlink"href="#return-values"title="Link to this heading"></a></h2>
<p>Common return values are documented <aclass="reference external"href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values"title="(in Ansible vdevel)"><spanclass="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<aclass="ansibleOptionLink"href="#return-authority_cert_issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The certificate’s authority cert issuer as a list of general names.</p>
<p>Is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if the <codeclass="docutils literal notranslate"><spanclass="pre">AuthorityKeyIdentifier</span></code> extension is not present.</p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-authority_cert_serial_number"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The certificate’s authority cert serial number.</p>
<p>Is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if the <codeclass="docutils literal notranslate"><spanclass="pre">AuthorityKeyIdentifier</span></code> extension is not present.</p>
<p>This return value is an <strong>integer</strong>. If you need the serial numbers as a colon-separated hex string, such as <codeclass="docutils literal notranslate"><spanclass="pre">11:22:33</span></code>, you need to convert it to that form with <aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a>.</p>
<aclass="ansibleOptionLink"href="#return-authority_key_identifier"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p>The identifier is returned in hexadecimal, with <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">:</span></code> used to separate bytes.</p>
<p>Is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if the <codeclass="docutils literal notranslate"><spanclass="pre">AuthorityKeyIdentifier</span></code> extension is not present.</p>
<aclass="ansibleOptionLink"href="#return-basic_constraints"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<td><divclass="ansible-option-cell"><p>Entries in the <codeclass="docutils literal notranslate"><spanclass="pre">basic_constraints</span></code> extension, or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if extension is not present.</p>
<aclass="ansibleOptionLink"href="#return-basic_constraints_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the <codeclass="docutils literal notranslate"><spanclass="pre">basic_constraints</span></code> extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-expired"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the certificate is expired (in other words, <codeclass="docutils literal notranslate"><spanclass="pre">notAfter</span></code> is in the past).</p>
<aclass="ansibleOptionLink"href="#return-extended_key_usage"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<td><divclass="ansible-option-cell"><p>Entries in the <codeclass="docutils literal notranslate"><spanclass="pre">extended_key_usage</span></code> extension, or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if extension is not present.</p>
<aclass="ansibleOptionLink"href="#return-extended_key_usage_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the <codeclass="docutils literal notranslate"><spanclass="pre">extended_key_usage</span></code> extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-extensions_by_oid"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Returns a dictionary for every extension OID.</p>
<aclass="ansibleOptionLink"href="#return-extensions_by_oid/critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Whether the extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-extensions_by_oid/value"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The Base64 encoded value (in DER format) of the extension.</p>
<p><strong>Note</strong> that depending on the <codeclass="docutils literal notranslate"><spanclass="pre">cryptography</span></code> version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by <codeclass="docutils literal notranslate"><spanclass="pre">cryptography</span></code>. This should usually result in exactly the same value, except if the original extension value was malformed.</p>
<aclass="ansibleOptionLink"href="#return-fingerprints"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<aclass="ansibleOptionLink"href="#return-issuer"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<aclass="ansibleOptionLink"href="#return-issuer_ordered"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=list</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The certificate’s issuer as an ordered list of tuples.</p>
<aclass="ansibleOptionLink"href="#return-issuer_uri"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>The Issuer URI, if included in the certificate. Will be <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if no issuer URI is included.</p>
<aclass="ansibleOptionLink"href="#return-key_usage"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>Entries in the <codeclass="docutils literal notranslate"><spanclass="pre">key_usage</span></code> extension, or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if extension is not present.</p>
<aclass="ansibleOptionLink"href="#return-key_usage_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the <codeclass="docutils literal notranslate"><spanclass="pre">key_usage</span></code> extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-not_after"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p><codeclass="docutils literal notranslate"><spanclass="pre">notAfter</span></code> date as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-not_before"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p><codeclass="docutils literal notranslate"><spanclass="pre">notBefore</span></code> date as ASN.1 TIME.</p>
<aclass="ansibleOptionLink"href="#return-ocsp_must_staple"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
<td><divclass="ansible-option-cell"><p><codeclass="ansible-value docutils literal notranslate"><spanclass="pre">true</span></code> if the OCSP Must Staple extension is present, <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> otherwise.</p>
<aclass="ansibleOptionLink"href="#return-ocsp_must_staple_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the <codeclass="docutils literal notranslate"><spanclass="pre">ocsp_must_staple</span></code> extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-ocsp_uri"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<td><divclass="ansible-option-cell"><p>The OCSP responder URI, if included in the certificate. Will be <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if no OCSP responder URI is included.</p>
<aclass="ansibleOptionLink"href="#return-public_key"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Certificate’s public key in PEM format.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<aclass="ansibleOptionLink"href="#return-public_key_data/curve"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The curve’s name for ECC.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/exponent"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The RSA key’s public exponent.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/exponent_size"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The maximum number of bits of a private key. This is basically the bit size of the subgroup used.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/g"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The <codeclass="docutils literal notranslate"><spanclass="pre">g</span></code> value for DSA.</p>
<p>This is the element spanning the subgroup of the multiplicative group of the prime field used.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/modulus"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<aclass="ansibleOptionLink"href="#return-public_key_data/p"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The <codeclass="docutils literal notranslate"><spanclass="pre">p</span></code> value for DSA.</p>
<p>This is the prime modulus upon which arithmetic takes place.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/q"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The <codeclass="docutils literal notranslate"><spanclass="pre">q</span></code> value for DSA.</p>
<p>This is a prime that divides <codeclass="docutils literal notranslate"><spanclass="pre">p</span><spanclass="pre">-</span><spanclass="pre">1</span></code>, and at the same time the order of the subgroup of the multiplicative group of the prime field used.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/size"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>Bit size of modulus (RSA) or prime number (DSA).</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/x"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>The <codeclass="docutils literal notranslate"><spanclass="pre">x</span></code> coordinate for the public point on the elliptic curve.</p>
<aclass="ansibleOptionLink"href="#return-public_key_data/y"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<td><divclass="ansible-option-indent-desc"></div><divclass="ansible-option-cell"><p>For <codeclass="ansible-return-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-return-public-key-type"><spanclass="std std-ref"><spanclass="pre">public_key_type=ECC</span></span></a></code>, this is the <codeclass="docutils literal notranslate"><spanclass="pre">y</span></code> coordinate for the public point on the elliptic curve.</p>
<p>For <codeclass="ansible-return-value docutils literal notranslate"><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-return-public-key-type"><spanclass="std std-ref"><spanclass="pre">public_key_type=DSA</span></span></a></code>, this is the publicly known group element whose discrete logarithm w.r.t. <codeclass="docutils literal notranslate"><spanclass="pre">g</span></code> is the private key.</p>
<aclass="ansibleOptionLink"href="#return-public_key_fingerprints"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Fingerprints of certificate’s public key.</p>
<p>For every hash algorithm available, the fingerprint is computed.</p>
<aclass="ansibleOptionLink"href="#return-public_key_type"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p>Will start with <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">unknown</span></code> if the key type cannot be determined.</p>
<aclass="ansibleOptionLink"href="#return-serial_number"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The certificate’s serial number.</p>
<p>This return value is an <strong>integer</strong>. If you need the serial numbers as a colon-separated hex string, such as <codeclass="docutils literal notranslate"><spanclass="pre">11:22:33</span></code>, you need to convert it to that form with <aclass="reference internal"href="to_serial_filter.html#ansible-collections-community-crypto-to-serial-filter"><spanclass="std std-ref">community.crypto.to_serial</span></a>.</p>
<aclass="ansibleOptionLink"href="#return-signature_algorithm"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The signature algorithm used to sign the certificate.</p>
<aclass="ansibleOptionLink"href="#return-subject"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The certificate’s subject as a dictionary.</p>
<p>Note that for repeated values, only the last one will be returned.</p>
<aclass="ansibleOptionLink"href="#return-subject_alt_name"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=string</span></p>
<td><divclass="ansible-option-cell"><p>Entries in the <codeclass="docutils literal notranslate"><spanclass="pre">subject_alt_name</span></code> extension, or <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if extension is not present.</p>
<p>See <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-name-encoding"><spanclass="std std-ref"><spanclass="pre">name_encoding</span></span></a></strong></code> for how IDNs are handled.</p>
<aclass="ansibleOptionLink"href="#return-subject_alt_name_critical"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">boolean</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>Whether the <codeclass="docutils literal notranslate"><spanclass="pre">subject_alt_name</span></code> extension is critical.</p>
<aclass="ansibleOptionLink"href="#return-subject_key_identifier"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">string</span></p>
<p>The identifier is returned in hexadecimal, with <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">:</span></code> used to separate bytes.</p>
<p>Is <codeclass="ansible-value docutils literal notranslate"><spanclass="pre">none</span></code> if the <codeclass="docutils literal notranslate"><spanclass="pre">SubjectKeyIdentifier</span></code> extension is not present.</p>
<aclass="ansibleOptionLink"href="#return-subject_ordered"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">list</span> / <spanclass="ansible-option-elements">elements=list</span></p>
</div></td>
<td><divclass="ansible-option-cell"><p>The certificate’s subject as an ordered list of tuples.</p>
<aclass="ansibleOptionLink"href="#return-valid_at"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">dictionary</span></p>
<td><divclass="ansible-option-cell"><p>For every time stamp provided in the <codeclass="ansible-option docutils literal notranslate"><strong><aclass="reference internal"href="#ansible-collections-community-crypto-x509-certificate-info-module-parameter-valid-at"><spanclass="std std-ref"><spanclass="pre">valid_at</span></span></a></strong></code> option, a boolean whether the certificate is valid at that point in time or not.</p>
<aclass="ansibleOptionLink"href="#return-version"title="Permalink to this return value"></a><pclass="ansible-option-type-line"><spanclass="ansible-option-type">integer</span></p>
<li><span><aaria-role="button"class="ansible-link reference external"href="https://forum.ansible.com/tags/c/help/6/none/crypto"rel="noopener external"target="_blank">Ask for help (crypto)</a></span></li>
<li><span><aaria-role="button"class="ansible-link reference external"href="https://forum.ansible.com/tags/c/help/6/none/acme"rel="noopener external"target="_blank">Ask for help (ACME)</a></span></li>
