Revisions
buffrr revised this gist
Jul 28, 2021 . 1 changed file with 5 additions and 6 deletions.
@@ -7,12 +7,11 @@ openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \ <(echo "[req]"; echo distinguished_name=req; echo "[ext]"; echo "keyUsage=critical,digitalSignature,keyEncipherment"; echo "extendedKeyUsage=serverAuth"; echo "basicConstraints=critical,CA:FALSE"; echo "subjectAltName=DNS:example.com,DNS:*.example.com"; ) -subj "/CN=*.example.com" ``` Generate the TLSA record rdata (you can also use [this tool](https://www.huque.com/bin/gen_tlsa)):
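Review bot: the `<(echo "[req]"; ...)` argument passed to `openssl req` is a process substitution, which bash and zsh provide but POSIX `sh` does not, and the surrounding text never says which shell the command expects. A short note that the command must be run in bash (or an alternative that writes the `[req]`/`[ext]` sections to a temporary config file) would save readers on `dash` or BusyBox `sh` from a syntax error. Quoting the `subjectAltName=DNS:example.com,DNS:*.example.com` argument is worth keeping as is, since it stops the shell from glob-expanding `*.example.com` against files in the working directory.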
        
buffrr revised this gist
Jul 7, 2021 . 1 changed file with 1 addition and 1 deletion.
@@ -7,7 +7,7 @@ openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \ <(echo "[req]"; echo distinguished_name=req; echo "[ext]"; echo keyUsage=critical,digitalSignature,keyEncipherment echo extendedKeyUsage=serverAuth echo basicConstraints=critical,CA:FALSE echo subjectAltName=DNS:example.com,DNS:*.example.com
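Review bot: the reason for `keyEncipherment` on the `keyUsage=critical,digitalSignature,keyEncipherment` line is not documented, and it is tied to the `-newkey rsa:4096` choice on the first line. Because the extension is marked `critical`, clients that enforce key usage need this bit before they will accept RSA key-exchange cipher suites with the certificate; it does not apply to an ECDSA key. A one-line comment saying so would keep the two settings from drifting apart if someone later changes the key type.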
        
buffrr renamed this gist
Jul 7, 2021 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
        
buffrr created this gist
Jul 7, 2021
@@ -0,0 +1,23 @@ Creating a self-signed certificate for `example.com` (if you already have a certificate you can skip this step): ``` openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \ -keyout cert.key -out cert.crt -extensions ext -config \ <(echo "[req]"; echo distinguished_name=req; echo "[ext]"; echo keyUsage=critical,digitalSignature echo extendedKeyUsage=serverAuth echo basicConstraints=critical,CA:FALSE echo subjectAltName=DNS:example.com,DNS:*.example.com ) \ -subj "/CN=*.example.com" ``` Generate the TLSA record rdata (you can also use [this tool](https://www.huque.com/bin/gen_tlsa)): ``` echo -n "3 1 1 " && openssl x509 -in cert.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | xxd -p -u -c 32 ``` Add the TLSA record to your zone file
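Review bot: the last step, "Add the TLSA record to your zone file", is missing the owner name the rdata belongs under, so a reader has the `3 1 1 <hash>` value but not where to publish it. TLSA records live at `_port._proto.host`, for example `_443._tcp.example.com.` for HTTPS on port 443, and the zone has to be DNSSEC-signed for validators to trust the record; both are worth stating here. Two smaller points on the same hunk: `-nodes` writes `cert.key` unencrypted, so the text should tell readers to restrict that file's permissions, and because `3 1 1` pins the SHA-256 of the public key while `-newkey rsa:4096` generates a fresh key on every run, re-running the first command invalidates the published record until the TLSA rdata is regenerated and updated.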