forked from critical/dns-zones
12fb5c2d9c
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2632 14b1bab8-4ef6-0310-b690-991c95c89dfd
24 lines
590 B
Bash
Executable file
24 lines
590 B
Bash
Executable file
#! /bin/bash
|
|
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
|
|
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
|
|
|
PORT=443 # HTTPS
|
|
|
|
USAGE=3 # 0: CA constraint
|
|
# 1: Service certificate constraint
|
|
# 2: Trust anchor assertion
|
|
# 3: Domain-issued certificate
|
|
|
|
SELECTOR=1 # 0: Full certificate
|
|
# 1: SubjectPublicKeyInfo
|
|
|
|
TYPE=1 # 0: No hash used
|
|
# 1: SHA-256
|
|
# 2: SHA-512
|
|
|
|
for crt in certs/*.crt
|
|
do
|
|
DOMAIN=`basename ${crt} .crt`
|
|
/usr/local/bin/ldns-dane -c ${crt} create \
|
|
${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
|
|
done
|