author | Peter Palfrader <peter@palfrader.org> | 2016-01-01 17:35:02 +0100 |
---|---|---|
committer | Peter Palfrader <peter@palfrader.org> | 2016-01-01 17:35:02 +0100 |
commit | b3f309c5a7dcb482dacebcdb69cddf9bf77e3dd9 (patch) | |
tree | 5e01b6b650c335c1b0df70ccc06ebe8f8dd04f88 /letsencrypt-helpers | |
parent | ce406ea29d411912bb330026036ff76ce4438090 (diff) |
And make TLSA records
Diffstat (limited to 'letsencrypt-helpers')
-rwxr-xr-x | letsencrypt-helpers/make-tlsa | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/letsencrypt-helpers/make-tlsa b/letsencrypt-helpers/make-tlsa
new file mode 100755
index 0000000..6a88b92
--- /dev/null
+++ b/letsencrypt-helpers/make-tlsa
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+set -u
+
+cd ~/certs
+
+for crt in *-combined.crt; do
+ (
+ openssl x509 -noout -text < "$crt" | awk '/X509v3 Subject Alternative Name/ {getline;gsub(/ /, "", $0); print}' | tr ',' '\n' | awk -F: '$1=="DNS" {print $2}';
+ openssl x509 -noout -subject < "$crt"| sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/'
+ ) | sort -u | while read cn; do
+ ports="443"
+ portsfile="${crt%-combined.crt}.ports"
+ if [ -e "$portsfile" ] ; then
+ ports=$(cat "$portsfile")
+ fi
+ for port in $ports; do
+ ~/swede/swede create --output rfc --usage=3 --selector=1 --mtype=1 --certificate "$crt" --port "$port" "$cn"
+ done
+ done
+done
+ |
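Review bot: The `sed` applied to the `openssl x509 -noout -subject` output has no `-n`/`p`, so a subject line the pattern does not match (no CN, or a differently formatted subject) passes through unchanged and reaches `swede create` as `"$cn"`. Using `sed -n -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/p'` would emit only a matched name. `set -e` also does not cover an `openssl` failure inside the `( … ) | sort -u | while read cn` pipeline, so an unreadable certificate, or the literal `*-combined.crt` when the glob matches nothing, produces no TLSA records and no error. A plain `openssl x509 -noout -in "$crt" >/dev/null` as the first statement of the `for crt` body would make that case abort instead of silently dropping records. The character class also admits `*`, so a wildcard name is passed to swede as the host; whether swede handles that is not visible here. `while read -r cn` would be the safer form of the read.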