- name: get peercert for HTTP connection test_peercert: url: http://{{ httpbin_host }}/get register: cert_http - name: assert get peercert for HTTP connection assert: that: - cert_http.raw_cert == None - name: get peercert for HTTPS connection test_peercert: url: https://{{ httpbin_host }}/get register: cert_https # Alpine does not have openssl, just make sure the text was actually set instead - name: check if openssl is installed command: which openssl ignore_errors: yes register: openssl - name: get actual certificate from endpoint shell: echo | openssl s_client -connect {{ httpbin_host }}:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' register: cert_https_actual changed_when: no when: openssl is successful - name: assert get peercert for HTTPS connection assert: that: - cert_https.raw_cert != None - openssl is failed or cert_https.raw_cert == cert_https_actual.stdout_lines[1:-1] | join("")