
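#!/bin/bash
# Generate a self-signed certificate for a domain and print its DANE TLSA
# record data (usage 3, selector 1, matching type 1: SHA-256 of the SPKI).
#
# Usage:   tlsa.sh <domain>
# Writes:  certs/<domain>/cert.key and certs/<domain>/cert.crt
# Outputs: one line "3 1 1 <hex digest>" on stdout
set -euo pipefail

# Domain name from the first argument; abort with a usage hint when missing.
domain=${1:?usage: ${0##*/} <domain>}

# The domain is spliced into a filesystem path and into an openssl config that
# is written line by line, so accept only a plain hostname: no '/', '..',
# whitespace or newlines (a newline would start a new config directive).
if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$ ]]; then
  printf 'tlsa.sh: invalid domain name: %s\n' "$domain" >&2
  exit 1
fi

cert_dir="certs/$domain"
# -p: also create the parent 'certs' directory and do not fail on re-runs.
mkdir -p -- "$cert_dir"

# Self-signed leaf certificate (CA:FALSE) for the domain and its subdomains.
# The openssl config is produced on the fly through process substitution.
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
  -keyout "$cert_dir/cert.key" -out "$cert_dir/cert.crt" \
  -extensions ext -config <(
    printf '%s\n' \
      '[req]' \
      'distinguished_name=req' \
      '[ext]' \
      'keyUsage=critical,digitalSignature,keyEncipherment' \
      'extendedKeyUsage=serverAuth' \
      'basicConstraints=critical,CA:FALSE' \
      "subjectAltName=DNS:$domain,DNS:*.$domain"
  ) -subj "/CN=*.$domain"

# The private key must not be readable by other users, whatever the umask.
chmod 600 -- "$cert_dir/cert.key"

# TLSA 3 1 1: SHA-256 over the DER-encoded SubjectPublicKeyInfo of the cert.
# Split declaration and assignment so a failing pipeline is not masked.
digest=$(openssl x509 -in "$cert_dir/cert.crt" -pubkey -noout \
  | openssl pkey -pubin -outform der \
  | openssl dgst -sha256 -binary \
  | xxd -p -u -c 32)
printf '3 1 1 %s\n' "$digest"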