wytze@deboca.net e4637553b6 Updates for mk-tlsa-recs script:
- use ldns-dane from /usr/bin (parametrized)
- only generate TLSA records for symlink'ed certificates
- generate both domain and trust anchor TLSA records


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2728 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:22:44 +00:00


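#! /bin/bash
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.2 2019/04/02 15:37:17 root Exp $
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
#
# For every symlinked certs/<domain>.crt this emits, on stdout, one TLSA record
# per usage in USAGE and ALT_USAGE (selector/matching type as configured below)
# for _<PORT>._tcp.<domain>, computed from the certificate file by ldns-dane.
# Plain files in certs/ are skipped; the symlink filter presumably selects the
# certificates that are currently deployed rather than archived copies --
# confirm against the directory layout.
#
# Failure handling: a failed or missing ldns-dane aborts the script with a
# non-zero exit status instead of silently emitting an incomplete record set
# (a zone with a missing or stale TLSA RR breaks DANE validation for that
# service), so a caller redirecting stdout into a zone file can detect it.
#
# Operational note: during a certificate/key rollover the zone should carry
# TLSA records for both the old and the new key until the new certificate is
# deployed (RFC 7671 sect. 8); this script only reflects what certs/ links to
# right now, so that overlap has to be arranged around it.
set -eu
shopt -s nullglob   # no matching certificates -> empty loop, not a literal pattern

LDNS_DANE=/usr/bin/ldns-dane   # fixed absolute path on purpose: not taken from PATH or the environment
PORT=443 # HTTPS
USAGE=3 # 0: CA constraint
# 1: Service certificate constraint
# 2: Trust anchor assertion
# 3: Domain-issued certificate
# NOTE(review): usage 2 (DANE-TA) is matched against a CA/trust-anchor
# certificate in the served chain; if certs/<domain>.crt is the end-entity
# certificate, confirm that the intended validators accept it as the anchor.
ALT_USAGE=2
SELECTOR=1 # 0: Full certificate
# 1: SubjectPublicKeyInfo
TYPE=1 # 0: No hash used
# 1: SHA-256
# 2: SHA-512

# Print a diagnostic on stderr and abort.
die() { printf 'mk-tlsa-recs: %s\n' "$*" >&2; exit 1; }

for crt in certs/*.crt; do
  # Only symlinked certificates are processed (see header comment).
  [[ -L "$crt" ]] || continue
  DOMAIN=${crt##*/}          # drop the directory ...
  DOMAIN=${DOMAIN%.crt}      # ... and the suffix: certs/<domain>.crt -> <domain>
  for usage in "$USAGE" "$ALT_USAGE"; do
    # Arguments quoted so an odd file name cannot be split or globbed into
    # extra ldns-dane arguments; abort rather than emit a partial record set.
    "$LDNS_DANE" -c "$crt" create "$DOMAIN" "$PORT" "$usage" "$SELECTOR" "$TYPE" \
      || die "ldns-dane failed for ${crt} (usage ${usage})"
  done
done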