Letsencrypt & TLSA - automation

Damien Goutte-Gattat dgouttegattat at incenp.org
Sun Feb 19 21:17:14 CET 2017

On 02/19/2017 08:23 PM, Viktor Dukhovni wrote:
> Are you sure that base64 works in this context???  The presentation
> format for TLSA records is hex encoded.

Oups. I re-wrote the macro in my message from memory instead of pasting 
it from my actual script, and of course I messed up.

(Coincidentally, I spent the last few hours writing an introduction to 
HTTP Public-Key Pinning, which does use base64 encoding.)

My real macro is:

  `m4_esyscmd(openssl x509 -in $1 -pubkey -noout | \
   openssl rsa -pubin -outform DER | \
   openssl dgst -sha256 | cut -d" " -f2)')

Sorry about that,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20170219/b68f658c/attachment.asc>

More information about the dane-users mailing list