Hi All,
I basically wanted to run the below command and create those files using
ansible community.crypto module.Its not working as expected
openssl pkcs12 -in test.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE
KEY-/,/-END PRIVATE KEY-/p' > test.key
openssl pkcs12 -in test.pfx -clcerts -nokeys | sed -ne '/-BEGIN
CERTIFICATE-/,/-END CERTIFICATE-/p' > test.crt
openssl pkcs12 -in test.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN
CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts.crt
ansible code:
---
- hosts: localhost
collections:
- kubernetes.core
tasks:
- name: Dump/Parse PKCS#12 file
community.crypto.openssl_pkcs12:
action: parse
force: false
src: XXX.pfx
path: privatekey.pem
privatekey_passphrase: XXX
passphrase: XXXX
state: present
- name: Get information on generated certificate
community.crypto.x509_certificate_info:
path: privatekey.pem
register: result
- name: Dump information
ansible.builtin.debug:
var: result
- name: Get information on generated key
community.crypto.openssl_privatekey_info:
path: privatekey.pem
return_private_key_data: true
register: result
- name: Dump information
ansible.builtin.debug:
var: result
On Mon, Aug 28, 2023 at 4:10 PM 'Felix Fontein' via Ansible Project <
ansible-project@googlegroups.com> wrote:
> Hi,
>
> > Trying to extract the private key and certificate from pfx file
> > format using ansible module.Can someone please provide the example.
>
> PFX files are usually PKCS #12 files
> (https://en.wikipedia.org/wiki/PFX), so community.crypto.openssl_pkcs12
> (
> https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_pkcs12_module.html
> )
> should help you.
>
> Check out the action=parse example, it dumps the contents into a PEM
> file, and you can split that one with
>
> https://docs.ansible.com/ansible/latest/collections/community/crypto/split_pem_filter.html
> ).
>
> Cheers,
> Felix
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/20230828211004.7ef054bd%40rovaniemi
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2BicGBk2ZqbB3%3Dr%2BFmSbE1pVrODrssm3pMKAgT%2B-o%2BFVmnZNRg%40mail.gmail.com.
