extracting key and certificate


Mahesh Nalavade

Aug 28, 2023, 1:25:52 PM
to ansible...@googlegroups.com
Hi All,

Trying to extract the private key and certificate from pfx file format using ansible module. Can someone please provide the example.

Dick Visser

Aug 28, 2023, 2:02:34 PM
to ansible...@googlegroups.com
IIRC PFX are usually binary files that contain 'everything', i.e. the private key, the cert and any intermediates.
I would try both
and see what that gets me.

On Mon, 28 Aug 2023 at 19:25, Mahesh Nalavade <mahesh.na...@gmail.com> wrote:
> Hi All,
>
> Trying to extract the private key and certificate from pfx file format using ansible module. Can someone please provide the example.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BicGBm55uBh0jm-Mxdq_mC%3Dpd8AONB8eezutcErdsvcGBZdfA%40mail.gmail.com.

Felix Fontein

Aug 28, 2023, 3:10:23 PM
to ansible...@googlegroups.com
Hi,

> Trying to extract the private key and certificate from pfx file
> format using ansible module. Can someone please provide the example.

PFX files are usually PKCS #12 files
(https://en.wikipedia.org/wiki/PFX), so community.crypto.openssl_pkcs12
(https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_pkcs12_module.html)
should help you.

Check out the action=parse example, it dumps the contents into a PEM
file, and you can split that one with
https://docs.ansible.com/ansible/latest/collections/community/crypto/split_pem_filter.html.

Cheers,
Felix
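
The parse-then-split approach described in the reply above, written out as a playbook. This is an added example, not code posted in the thread or taken from the collection's documentation. The output file names follow the openssl commands quoted later in the thread, `vault_pfx_passphrase` is a hypothetical vaulted variable, and the playbook assumes the first certificate in the dump is the leaf certificate.

```yaml
---
- name: Split a PFX into key, leaf certificate and CA chain (added example)
  hosts: localhost
  gather_facts: false
  vars:
    out_dir: "{{ playbook_dir }}"               # absolute base so module and lookup agree
    bundle_pem: "{{ out_dir }}/test-bundle.pem" # intermediate dump, contains the private key
    certs: "{{ pems | select('search', 'BEGIN CERTIFICATE') | map('trim') | list }}"
  tasks:
    - name: Dump the PKCS#12 contents into one PEM file
      community.crypto.openssl_pkcs12:
        action: parse
        src: "{{ out_dir }}/test.pfx"
        path: "{{ bundle_pem }}"
        passphrase: "{{ vault_pfx_passphrase }}"  # assumed to come from Ansible Vault
        mode: "0600"
        state: present

    - name: Split the dump into individual PEM objects
      ansible.builtin.set_fact:
        pems: "{{ lookup('ansible.builtin.file', bundle_pem) | community.crypto.split_pem }}"
      no_log: true   # the list includes the unencrypted private key

    - name: Write the private key, readable by the owner only
      ansible.builtin.copy:
        content: "{{ pems | select('search', 'PRIVATE KEY') | first | trim }}\n"
        dest: "{{ out_dir }}/test.key"
        mode: "0600"
      no_log: true

    - name: Write the leaf certificate (assumed to be the first certificate)
      ansible.builtin.copy:
        content: "{{ certs | first }}\n"
        dest: "{{ out_dir }}/test.crt"
        mode: "0644"

    - name: Write the remaining certificates as the CA chain
      ansible.builtin.copy:
        content: "{{ certs[1:] | join('\n') }}\n"
        dest: "{{ out_dir }}/cacerts.crt"
        mode: "0644"
      when: certs | length > 1

    - name: Remove the intermediate dump so the key is not left in two places
      ansible.builtin.file:
        path: "{{ bundle_pem }}"
        state: absent
```

Once the files are separate, community.crypto.x509_certificate_info can be pointed at test.crt and community.crypto.openssl_privatekey_info at test.key instead of at the combined dump.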


Mahesh Nalavade

Aug 28, 2023, 6:06:23 PM
to ansible...@googlegroups.com
Hi All,

I basically wanted to run the below command and create those files using ansible community.crypto module. It's not working as expected.

openssl pkcs12 -in test.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > test.key

openssl pkcs12 -in test.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > test.crt

openssl pkcs12 -in test.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts.crt

ansible code:
---
- hosts: localhost
  collections:
  - kubernetes.core
  tasks:
    - name: Dump/Parse PKCS#12 file
      community.crypto.openssl_pkcs12:
        action: parse
        force: false
        src: XXX.pfx
        path: privatekey.pem
        privatekey_passphrase: XXX
        passphrase: XXXX
        state: present

    - name: Get information on generated certificate
      community.crypto.x509_certificate_info:
        path: privatekey.pem
      register: result

    - name: Dump information
      ansible.builtin.debug:
        var: result

    - name: Get information on generated key
      community.crypto.openssl_privatekey_info:
        path: privatekey.pem
        return_private_key_data: true
      register: result

    - name: Dump information
      ansible.builtin.debug:
        var: result



Mahesh Nalavade

Aug 29, 2023, 2:30:45 PM
to Ansible Project
Hi All,

Has anyone done this before?

Dick Visser

Aug 29, 2023, 3:12:13 PM
to ansible...@googlegroups.com
On Tue, 29 Aug 2023 at 20:30, Mahesh Nalavade <mahesh.na...@gmail.com> wrote:
> Hi All,
>
> Has anyone done this before?

This is your chance to become that person!
You did start already, please let us know your findings :)