Letsencrypt & TLSA - automation
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sun Feb 19 21:17:14 CET 2017
On 02/19/2017 08:23 PM, Viktor Dukhovni wrote:
> Are you sure that base64 works in this context??? The presentation
> format for TLSA records is hex encoded.
Oups. I re-wrote the macro in my message from memory instead of pasting
it from my actual script, and of course I messed up.
(Coincidentally, I spent the last few hours writing an introduction to
HTTP Public-Key Pinning, which does use base64 encoding.)
My real macro is:
m4_define(SPKI_DGST,
`m4_esyscmd(openssl x509 -in $1 -pubkey -noout | \
openssl rsa -pubin -outform DER | \
openssl dgst -sha256 | cut -d" " -f2)')
Sorry about that,
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://mail.sys4.de/pipermail/dane-users/attachments/20170219/b68f658c/attachment.asc>
More information about the dane-users
mailing list