diff --git a/mk-tlsa-recs b/mk-tlsa-recs
new file mode 100755
index 0000000..c21b85b
--- /dev/null
+++ b/mk-tlsa-recs
@@ -0,0 +1,24 @@
+#! /bin/bash
+# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
+# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
+
+PORT=443 # HTTPS
+
+USAGE=3 # 0: CA constraint
+ # 1: Service certificate constraint
+ # 2: Trust anchor assertion
+ # 3: Domain-issued certificate
+
+SELECTOR=1 # 0: Full certificate
+ # 1: SubjectPublicKeyInfo
+
+TYPE=1 # 0: No hash used
+ # 1: SHA-256
+ # 2: SHA-512
+
+for crt in certs/*.crt
+do
+ DOMAIN=`basename ${crt} .crt`
+ /usr/local/bin/ldns-dane -c ${crt} create \
+ ${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
+done
diff --git a/mk-tlsa-recs.log b/mk-tlsa-recs.log
new file mode 100644
index 0000000..21f62b4
--- /dev/null
+++ b/mk-tlsa-recs.log
@@ -0,0 +1,17 @@
+
+RCS file: /var/opendnssec/unsigned/RCS/mk-tlsa-recs,v
+Working file: /var/opendnssec/unsigned/mk-tlsa-recs
+head: 1.1
+branch:
+locks: strict
+access list:
+symbolic names:
+keyword substitution: kv
+total revisions: 1; selected revisions: 1
+description:
+mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
+----------------------------
+revision 1.1
+date: 2015/12/09 10:37:58; author: root; state: Exp;
+Initial revision
+=============================================================================
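Review bot: The `for crt in certs/*.crt` loop in mk-tlsa-recs passes `${crt}` and `${DOMAIN}` unquoted, never checks the exit status of `ldns-dane`, and, when the glob matches nothing, still runs once with the literal pattern so that `DOMAIN` becomes `*`. The owner name of each TLSA record comes only from the file name, so a stray or misnamed file under `certs/` produces a record for the wrong name, and a failed `ldns-dane` call leaves an incomplete record set while the script still exits 0. If this output feeds a zone that is later signed (the RCS paths in the accompanying log suggest an OpenDNSSEC unsigned-zone directory, though the diff does not show how the output is used), such mistakes would be published as authoritative pins. The `certs/` path is also relative, so the result depends on the directory the script is started from; a header comment stating the expected working directory and that each file must be named `<fqdn>.crt` would help. I would enable `nullglob`, quote every expansion, and stop on the first failure, as below.

```shell
shopt -s nullglob	# no matching certificate: loop body does not run

# … unchanged: PORT / USAGE / SELECTOR / TYPE settings …

for crt in certs/*.crt
do
	DOMAIN=$(basename "${crt}" .crt)
	/usr/local/bin/ldns-dane -c "${crt}" create \
		"${DOMAIN}" "${PORT}" "${USAGE}" "${SELECTOR}" "${TYPE}" || exit 1
done
```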