forked from critical/dns-zones
Add script to generate TLSA records for domains found in the certs subdirectory.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2632 14b1bab8-4ef6-0310-b690-991c95c89dfdadd-secure1-alias-for-www1
parent
cd5e89e784
commit
12fb5c2d9c
@ -0,0 +1,24 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
|
||||||
|
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
||||||
|
|
||||||
|
PORT=443 # HTTPS
|
||||||
|
|
||||||
|
USAGE=3 # 0: CA constraint
|
||||||
|
# 1: Service certificate constraint
|
||||||
|
# 2: Trust anchor assertion
|
||||||
|
# 3: Domain-issued certificate
|
||||||
|
|
||||||
|
SELECTOR=1 # 0: Full certificate
|
||||||
|
# 1: SubjectPublicKeyInfo
|
||||||
|
|
||||||
|
TYPE=1 # 0: No hash used
|
||||||
|
# 1: SHA-256
|
||||||
|
# 2: SHA-512
|
||||||
|
|
||||||
|
for crt in certs/*.crt
|
||||||
|
do
|
||||||
|
DOMAIN=`basename ${crt} .crt`
|
||||||
|
/usr/local/bin/ldns-dane -c ${crt} create \
|
||||||
|
${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
|
||||||
|
done
|
@ -0,0 +1,17 @@
|
|||||||
|
|
||||||
|
RCS file: /var/opendnssec/unsigned/RCS/mk-tlsa-recs,v
|
||||||
|
Working file: /var/opendnssec/unsigned/mk-tlsa-recs
|
||||||
|
head: 1.1
|
||||||
|
branch:
|
||||||
|
locks: strict
|
||||||
|
access list:
|
||||||
|
symbolic names:
|
||||||
|
keyword substitution: kv
|
||||||
|
total revisions: 1; selected revisions: 1
|
||||||
|
description:
|
||||||
|
mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
||||||
|
----------------------------
|
||||||
|
revision 1.1
|
||||||
|
date: 2015/12/09 10:37:58; author: root; state: Exp;
|
||||||
|
Initial revision
|
||||||
|
=============================================================================
|
Loading…
Reference in New Issue