add script to generate TLSA records

diff --git a/tlsa b/tlsa
new file mode 100644 (file)
index 0000000..dd1c683
--- /dev/null
+++ b/tlsa
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+# Usage: ./tlsa <certificate filename>
+# Generates a TLSA record based on the given certificate's public key.
+
+echo -n "3 1 1 " # DANE-EE Publickey SHA256
+openssl x509 -noout -pubkey -in "$1" | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f 1 | tr 'a-z' 'A-Z'