From 12fb5c2d9c8892681d66f2ec810a29fb2b4641c0 Mon Sep 17 00:00:00 2001
From: "wytze@deboca.net"
Date: Wed, 16 Dec 2015 16:55:43 +0000
Subject: [PATCH] Add script to generate TLSA records for domains found in the certs subdirectory.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2632 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
mk-tlsa-recs | 24 ++++++++++++++++++++++++
mk-tlsa-recs.log | 17 +++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100755 mk-tlsa-recs
create mode 100644 mk-tlsa-recs.log
diff --git a/mk-tlsa-recs b/mk-tlsa-recs
new file mode 100755
index 0000000..c21b85b
--- /dev/null
+++ b/mk-tlsa-recs
@@ -0,0 +1,24 @@
+#! /bin/bash
+# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
+# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
+
+PORT=443 # HTTPS
+
+USAGE=3 # 0: CA constraint
+ # 1: Service certificate constraint
+ # 2: Trust anchor assertion
+ # 3: Domain-issued certificate
+
+SELECTOR=1 # 0: Full certificate
+ # 1: SubjectPublicKeyInfo
+
+TYPE=1 # 0: No hash used
+ # 1: SHA-256
+ # 2: SHA-512
+
+for crt in certs/*.crt
+do
+ DOMAIN=`basename ${crt} .crt`
+ /usr/local/bin/ldns-dane -c ${crt} create \
+ ${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
+done
diff --git a/mk-tlsa-recs.log b/mk-tlsa-recs.log
new file mode 100644
index 0000000..21f62b4
--- /dev/null
+++ b/mk-tlsa-recs.log
@@ -0,0 +1,17 @@
+
+RCS file: /var/opendnssec/unsigned/RCS/mk-tlsa-recs,v
+Working file: /var/opendnssec/unsigned/mk-tlsa-recs
+head: 1.1
+branch:
+locks: strict
+access list:
+symbolic names:
+keyword substitution: kv
+total revisions: 1; selected revisions: 1
+description:
+mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
+----------------------------
+revision 1.1
+date: 2015/12/09 10:37:58; author: root; state: Exp;
+Initial revision
+=============================================================================
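Review bot: The loop at the end of mk-tlsa-recs expands `${crt}` and `${DOMAIN}` unquoted and never checks the exit status of ldns-dane, so a bad run can silently produce an incomplete or malformed set of TLSA records. If `certs/` holds no `.crt` file, or the script is started from another directory (the path is relative), bash leaves the pattern literal and ldns-dane is called with `*` as the domain. A file name containing whitespace would likewise be split into several arguments. I would add `shopt -s nullglob` before the loop, write `DOMAIN=$(basename -- "${crt}" .crt)`, and end the call with `-c "${crt}" create "${DOMAIN}" ${PORT} ${USAGE} ${SELECTOR} ${TYPE} || exit 1`. The output presumably feeds the unsigned zone, so a missing 3 1 1 record is better caught as a hard failure here than published.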