salt.modules.win_pki module

Microsoft certificate management via the Pki PowerShell module.

platform: Windows

New in version 2016.11.0.

salt.modules.win_pki.export_cert(name, thumbprint, cert_format='cer', context='LocalMachine', store='My', password='')

Export the certificate to a file from the given certificate store.

Parameters:
  • name (str) -- The destination path for the exported certificate file.
  • thumbprint (str) -- The thumbprint value of the target certificate.
  • cert_format (str) -- The certificate format. Specify 'cer' for X.509, or 'pfx' for PKCS #12.
  • context (str) -- The name of the certificate store location context.
  • store (str) -- The name of the certificate store.
  • password (str) -- The password of the certificate. Only applicable to pfx format.
Returns:

A boolean representing whether all changes succeeded.

Return type:

bool

CLI Example:

salt '*' win_pki.export_cert name='C:\certs\example.cer' thumbprint='AAA000'

salt.modules.win_pki.get_cert_file(name, cert_format='cer')

Get the details of the certificate file.

Parameters:
  • name (str) -- The filesystem path of the certificate file.
  • cert_format (str) -- The certificate format. Specify 'cer' for X.509, or 'pfx' for PKCS #12.
Returns:

A dictionary of the certificate thumbprints and properties.

Return type:

dict

CLI Example:

salt '*' win_pki.get_cert_file name='C:\certs\example.cer'

salt.modules.win_pki.get_certs(context='LocalMachine', store='My')

Get the available certificates in the given store.

Parameters:
  • context (str) -- The name of the certificate store location context.
  • store (str) -- The name of the certificate store.
Returns:

A dictionary of the certificate thumbprints and properties.

Return type:

dict

CLI Example:

salt '*' win_pki.get_certs

salt.modules.win_pki.get_stores()

Get the certificate location contexts and their corresponding stores.

Returns:

A dictionary of the certificate location contexts and stores.

Return type:

dict

CLI Example:

salt '*' win_pki.get_stores

salt.modules.win_pki.import_cert(name, cert_format='cer', context='LocalMachine', store='My', exportable=True, password='', saltenv='base')

Import the certificate file into the given certificate store.

Parameters:
  • name (str) -- The path of the certificate file to import.
  • cert_format (str) -- The certificate format. Specify 'cer' for X.509, or 'pfx' for PKCS #12.
  • context (str) -- The name of the certificate store location context.
  • store (str) -- The name of the certificate store.
  • exportable (bool) -- Mark the certificate as exportable. Only applicable to pfx format.
  • password (str) -- The password of the certificate. Only applicable to pfx format.
  • saltenv (str) -- The environment the file resides in.
Returns:

A boolean representing whether all changes succeeded.

Return type:

bool

CLI Example:

salt '*' win_pki.import_cert name='salt://cert.cer'

salt.modules.win_pki.remove_cert(thumbprint, context='LocalMachine', store='My')

Remove the certificate from the given certificate store.

Parameters:
  • thumbprint (str) -- The thumbprint value of the target certificate.
  • context (str) -- The name of the certificate store location context.
  • store (str) -- The name of the certificate store.
Returns:

A boolean representing whether all changes succeeded.

Return type:

bool

CLI Example:

salt '*' win_pki.remove_cert thumbprint='AAA000'

salt.modules.win_pki.test_cert(thumbprint, context='LocalMachine', store='My', untrusted_root=False, dns_name='', eku='')

Check the certificate for validity.

Parameters:
  • thumbprint (str) -- The thumbprint value of the target certificate.
  • context (str) -- The name of the certificate store location context.
  • store (str) -- The name of the certificate store.
  • untrusted_root (bool) -- Whether the root certificate is required to be trusted in chain building.
  • dns_name (str) -- The DNS name to verify as valid for the certificate.
  • eku (str) -- The enhanced key usage object identifiers to verify for the certificate chain.
Returns:

A boolean representing whether the certificate was considered valid.

Return type:

bool

CLI Example:

salt '*' win_pki.test_cert thumbprint='AAA000' dns_name='example.test'
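
The functions above can be chained into a certificate rotation that retires the old certificate only after the new one validates. The following is an added example, not part of the Salt documentation or code base: rotate_cert, fake_minion and the call(fun, **kwargs) wrapper are hypothetical names, and it assumes the dictionary returned by get_certs is keyed by thumbprint.

```python
def rotate_cert(call, pfx, password, old_thumbprint, dns_name,
                context="LocalMachine", store="My"):
    """Import pfx, validate it, then retire old_thumbprint.

    call(fun, **kwargs) is a hypothetical wrapper that runs a Salt
    execution function on the minion and returns its result.
    """
    where = {"context": context, "store": store}
    before = {t.upper() for t in call("win_pki.get_certs", **where)}
    # exportable=False overrides the documented default (True) so the
    # private key cannot be exported from the store afterwards.
    if not call("win_pki.import_cert", name=pfx, cert_format="pfx",
                exportable=False, password=password, **where):
        return {"result": False, "reason": "import failed"}
    added = {t.upper() for t in call("win_pki.get_certs", **where)} - before
    if len(added) != 1:
        # Already present, or several entries appeared: do not guess.
        return {"result": False, "reason": "cannot identify imported cert"}
    new = added.pop()
    # Validate chain and host name; on failure roll back, keep the old cert.
    if not call("win_pki.test_cert", thumbprint=new, dns_name=dns_name, **where):
        call("win_pki.remove_cert", thumbprint=new, **where)
        return {"result": False, "reason": "validation failed", "rolled_back": new}
    old = old_thumbprint.upper()
    removed = old in before and bool(
        call("win_pki.remove_cert", thumbprint=old, **where))
    return {"result": True, "new": new, "old_removed": removed}


def fake_minion(store, incoming, valid_names):
    """Constructed in-memory minion for offline runs; 'exportable' is made up."""
    def call(fun, **kw):
        if fun == "win_pki.get_certs":
            return dict(store)
        if fun == "win_pki.import_cert":
            store[incoming] = {"exportable": kw["exportable"]}
            return True
        if fun == "win_pki.test_cert":
            return kw["dns_name"] in valid_names
        if fun == "win_pki.remove_cert":
            return store.pop(kw["thumbprint"], None) is not None
        raise KeyError(fun)
    return call


if __name__ == "__main__":
    certs = {"AAA000": {}}  # constructed store contents
    print(rotate_cert(fake_minion(certs, "BBB111", {"example.test"}),
                      "salt://new.pfx", "constructed-pw", "AAA000", "example.test"))
```

On a real minion, replace fake_minion with a wrapper that dispatches to the win_pki execution functions; the rotation logic itself does not change.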