
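#!/bin/bash
#@brief Generates TLSA Fingerprints for Let's Encrypt Intermediate Certs
#
# For every intermediate listed below this writes one DANE-TA record into
# ./tlsa.txt in the form "2 1 1 <hex>": usage 2 (trust anchor), selector 1
# (SubjectPublicKeyInfo) and matching type 1 (SHA-256).  Selector 1 hashes
# the public key rather than the whole certificate, so a record keeps
# matching when the same key is re-issued under a new (e.g. cross-signed)
# certificate.
#
# Practitioner notes:
#  - Usage 2 only validates when the server sends that intermediate in its
#    TLS chain.  Publish records for every intermediate that may currently
#    sign your leaf, not only the one in use today, or a routine
#    re-issuance breaks DANE-validating clients.
#  - The PEM files are fetched over HTTPS with curl's default certificate
#    verification.  Before publishing, compare the hashes against an
#    independent copy of the chain (e.g. the intermediate your own server
#    serves), since a wrong record is a hard failure for validating peers.
#
# Intermediate Certificates Cross-signed by IdenTrust in pem format
# URLs: https://letsencrypt.org/certificates/
set -euo pipefail

# Current (2024) intermediates.  Previously this list was defined but the
# loop below only walked the older "le" list, so no records were produced
# for these; both lists are now processed.
LeNew=(
  https://letsencrypt.org/certs/2024/r10.pem
  https://letsencrypt.org/certs/2024/r11.pem
  https://letsencrypt.org/certs/2024/r12.pem
  https://letsencrypt.org/certs/2024/r13.pem
  https://letsencrypt.org/certs/2024/r14.pem
  https://letsencrypt.org/certs/2024/e5-cross.pem
  https://letsencrypt.org/certs/2024/e6-cross.pem
  https://letsencrypt.org/certs/2024/e7-cross.pem
  https://letsencrypt.org/certs/2024/e8-cross.pem
  https://letsencrypt.org/certs/2024/e9-cross.pem
)
# Earlier intermediates.  NOTE(review): some of these are likely retired;
# prune entries once no chain you serve still uses them.
le=(
  https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
  https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
  https://letsencrypt.org/certs/lets-encrypt-e1.pem
  https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem
  https://letsencrypt.org/certs/lets-encrypt-r4-cross-signed.pem
  https://letsencrypt.org/certs/lets-encrypt-e2.pem
)

#######################################
# Print the TLSA rdata for one PEM certificate.
# Arguments: $1 - path to a PEM-encoded X.509 certificate
# Outputs:   "2 1 1 <64 hex chars>" on stdout
# Returns:   non-zero if the hash could not be computed or has the wrong length
#######################################
tlsa_spki_sha256() {
  local pem=$1
  local hex
  # 'openssl pkey' accepts both RSA and EC public keys, so the key type no
  # longer has to be guessed from the URL (the old "encrypt-e" substring
  # test did not even match the 2024 e*-cross.pem paths).
  hex=$(openssl x509 -in "$pem" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r \
    | awk '{print $1}')
  # A SHA-256 digest is exactly 32 bytes; anything else means a stage above
  # produced garbage and must not end up in DNS.
  [[ ${#hex} -eq 64 ]] || return 1
  printf '2 1 1 %s\n' "$hex"
}

main() {
  local cert url
  cert=$(mktemp) || exit 1
  # Remove the scratch file on every exit path, including failures.
  trap 'rm -f -- "$cert"' EXIT

  {
    printf '%s\n' ";TLSA Record Resource Data for Let's Encrypt Intermediate Certificates"
    for url in "${LeNew[@]}" "${le[@]}"; do
      # --fail turns an HTTP error body into a non-zero exit instead of a
      # bogus "certificate"; --proto pins the scheme so a redirect cannot
      # downgrade the fetch to plain http.  Under set -e any failure aborts.
      curl --fail --silent --show-error --proto '=https' -o "$cert" "$url"
      printf '\n;'
      # Fails (and aborts the run) if the download is not a certificate.
      openssl x509 -in "$cert" -noout -subject
      tlsa_spki_sha256 "$cert"
    done
  } > tlsa.txt
}

main "$@"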