authorPeter Palfrader <peter@palfrader.org>2016-01-01 17:35:02 +0100
committerPeter Palfrader <peter@palfrader.org>2016-01-01 17:35:02 +0100
commitb3f309c5a7dcb482dacebcdb69cddf9bf77e3dd9 (patch)
tree5e01b6b650c335c1b0df70ccc06ebe8f8dd04f88 /letsencrypt-helpers
parentce406ea29d411912bb330026036ff76ce4438090 (diff)
And make TLSA records
Diffstat (limited to 'letsencrypt-helpers')
-rwxr-xr-xletsencrypt-helpers/make-tlsa23
1 files changed, 23 insertions, 0 deletions
diff --git a/letsencrypt-helpers/make-tlsa b/letsencrypt-helpers/make-tlsa
new file mode 100755
index 0000000..6a88b92
--- /dev/null
+++ b/letsencrypt-helpers/make-tlsa
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+set -u
+
+cd ~/certs
+
+for crt in *-combined.crt; do
+ (
+ openssl x509 -noout -text < "$crt" | awk '/X509v3 Subject Alternative Name/ {getline;gsub(/ /, "", $0); print}' | tr ',' '\n' | awk -F: '$1=="DNS" {print $2}';
+ openssl x509 -noout -subject < "$crt"| sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/'
+ ) | sort -u | while read cn; do
+ ports="443"
+ portsfile="${crt%-combined.crt}.ports"
+ if [ -e "$portsfile" ] ; then
+ ports=$(cat "$portsfile")
+ fi
+ for port in $ports; do
+ ~/swede/swede create --output rfc --usage=3 --selector=1 --mtype=1 --certificate "$crt" --port "$port" "$cn"
+ done
+ done
+done
+
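Review bot: The `sed` after `openssl x509 -noout -subject` prints its input unchanged when the substitution does not match, so for a certificate with no CN in the subject (SAN-only), or on OpenSSL versions that print the subject as `CN = name`, the whole `subject=...` line is read into `cn` and passed to `swede create` as a host name. Let only matched names through with `sed -n` and the `p` flag: `sed -n -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/p'`. Separately, `set -e` does not see an `openssl` failure inside the `( ... ) | sort -u | while` pipeline, so an unreadable certificate silently yields no TLSA output. An explicit check before the loop, such as `openssl x509 -noout < "$crt" || exit 1`, would turn that into a hard error. The loop header is also safer as `while IFS= read -r cn; do`.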