git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
snippets
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

initial

Toastie 3 years ago
parent
1712cc81a2
commit
0b718d9a6e
2 changed files with 48 additions and 0 deletions
Split View Show Diff Stats
  1. 29 0
      crypto/tlsa/tlsa.sh
  2. 19 0
      crypto/tlsa/tlsa.txt

+ 29 - 0
crypto/tlsa/tlsa.sh
View File 

@@ -0,0 +1,29 @@
 
+#!/bin/bash
 
+
 
+#@brief Generates TLSA Fingerprints for Let's Encrypt Intermediate Certs
 
+
 
+# Intermediate Certificates Cross-signed by IdenTrust in pem format
 
+# URLs: https://letsencrypt.org/certificates/
 
+le="https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
 
+https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
 
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
 
+https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem
 
+https://letsencrypt.org/certs/lets-encrypt-r4-cross-signed.pem
 
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
 
+"
 
+cert=`tempfile`
 
+echo ";TLSA Record Resource Data for Let's Encrypt Intermediate Certificates" > tlsa.txt
 
+
 
+for url in $le
 
+do
 
+  curl -s $url > $cert
 
+  echo -e -n "\n;" >> tlsa.txt
 
+  cat $cert | openssl x509 -noout -subject >> tlsa.txt
 
+
 
+  if [[ $url == *"encrypt-e"* ]]; then
 
+    cat $cert | openssl x509 -noout -pubkey | openssl ec -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "2 1 1", $NF}' >> tlsa.txt
 
+  else
 
+    cat $cert | openssl x509 -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "2 1 1", $NF}' >> tlsa.txt
 
+  fi
 
+done
 
+rm $cert

+ 19 - 0
crypto/tlsa/tlsa.txt
View File 

@@ -0,0 +1,19 @@
 
+;TLSA Record Resource Data for Let's Encrypt Intermediate Certificates
 
+
 
+;subject=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 
+2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
 
+
 
+;subject=C = US, O = Let's Encrypt, CN = R3
 
+2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
 
+
 
+;subject=C = US, O = Let's Encrypt, CN = E1
 
+2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
 
+
 
+;subject=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X4
 
+2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
 
+
 
+;subject=C = US, O = Let's Encrypt, CN = R4
 
+2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
 
+
 
+;subject=C = US, O = Let's Encrypt, CN = E2
 
+2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270