| 1234567891011121314151617181920212223242526272829 |
- #!/bin/bash
- #@brief Generates TLSA Fingerprints for Let's Encrypt Intermediate Certs
- # Intermediate Certificates Cross-signed by IdenTrust in pem format
- # URLs: https://letsencrypt.org/certificates/
- le="https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
- https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
- https://letsencrypt.org/certs/lets-encrypt-e1.pem
- https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem
- https://letsencrypt.org/certs/lets-encrypt-r4-cross-signed.pem
- https://letsencrypt.org/certs/lets-encrypt-e2.pem
- "
- cert=`tempfile`
- echo ";TLSA Record Resource Data for Let's Encrypt Intermediate Certificates" > tlsa.txt
- for url in $le
- do
- curl -s $url > $cert
- echo -e -n "\n;" >> tlsa.txt
- cat $cert | openssl x509 -noout -subject >> tlsa.txt
- if [[ $url == *"encrypt-e"* ]]; then
- cat $cert | openssl x509 -noout -pubkey | openssl ec -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "2 1 1", $NF}' >> tlsa.txt
- else
- cat $cert | openssl x509 -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "2 1 1", $NF}' >> tlsa.txt
- fi
- done
- rm $cert
|
