Add script to generate TLSA records for domains found in the certs subdirectory.

git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2632 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-12-16 16:55:43 +00:00 · 2015-12-16 16:55:43 +00:00 · 12fb5c2d9c
commit 12fb5c2d9c
parent cd5e89e784
2 changed files with 41 additions and 0 deletions
--- a/24
+++ b/24
@ -0,0 +1,24 @@
+#! /bin/bash
+# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
+# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
+
+PORT=443	# HTTPS
+
+USAGE=3		# 0: CA constraint
+		# 1: Service certificate constraint
+		# 2: Trust anchor assertion
+		# 3: Domain-issued certificate
+
+SELECTOR=1	# 0: Full certificate
+		# 1: SubjectPublicKeyInfo
+
+TYPE=1		# 0: No hash used
+		# 1: SHA-256
+		# 2: SHA-512
+
+for crt in certs/*.crt
+do
+	DOMAIN=`basename ${crt} .crt`
+	/usr/local/bin/ldns-dane -c ${crt} create \
+		${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
+done
--- a/mk-tlsa-recs.log
+++ b/mk-tlsa-recs.log
@ -0,0 +1,17 @@
+
+RCS file: /var/opendnssec/unsigned/RCS/mk-tlsa-recs,v
+Working file: /var/opendnssec/unsigned/mk-tlsa-recs
+head: 1.1
+branch:
+locks: strict
+access list:
+symbolic names:
+keyword substitution: kv
+total revisions: 1;	selected revisions: 1
+description:
+mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
+----------------------------
+revision 1.1
+date: 2015/12/09 10:37:58;  author: root;  state: Exp;
+Initial revision
+=============================================================================