From fd6e120fc904474ddb4f696ddab90056acfc813e Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Fri, 29 Jan 2021 11:13:01 +0100
Subject: [PATCH] add script to generate TLSA records

---
 tlsa | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 tlsa

diff --git a/tlsa b/tlsa
new file mode 100644
index 0000000..dd1c683
--- /dev/null
+++ b/tlsa
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+# Usage: ./tlsa <certificate filename>
+# Generates a TLSA record based on the given certificate's public key.
+
+echo -n "3 1 1 " # DANE-EE Publickey SHA256
+openssl x509 -noout -pubkey -in "$1" | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f 1 | tr 'a-z' 'A-Z'
-- 
2.30.2