Hello,
I like to publish a PKIX-TA which mean I publisch a whole certificate, the whole blob...
I found https://www.huque.com/bin/gen_tlsa but some commandline voodoo using openssl or ldns-dane would be cool. Any suggestions?
Thanks & nice weekend Andreas
Hi Andreas,
On 16/09/2016 13:36 PM, Andreas Schulze wrote:
Hello,
I like to publish a PKIX-TA which mean I publisch a whole certificate, the whole blob...
I found https://www.huque.com/bin/gen_tlsa but some commandline voodoo using openssl or ldns-dane would be cool. Any suggestions?
Viktor has posted his "tlsagen" script here on the list, that works fine (I've used it to generate a 0 0 0 for testing purposes last week).
-- CS
On Fri, Sep 16, 2016 at 01:39:16PM +0200, Carsten Strotmann (sys4) wrote:
On 16/09/2016 13:36 PM, Andreas Schulze wrote:
Hello,
I like to publish a PKIX-TA which mean I publisch a whole certificate, the whole blob...
In almost all cases this is a bad idea, a SHA2-256 digest is quite secure enough, and is much less bloated.
I found https://www.huque.com/bin/gen_tlsa but some commandline voodoo using openssl or ldns-dane would be cool. Any suggestions?
Viktor has posted his "tlsagen" script here on the list, that works fine (I've used it to generate a 0 0 0 for testing purposes last week).
Attaching "tlsagen" and "chaingen". Note, the latter does not verify the integrity of the chain, garbage-in = garbage-out.
participants (3)
-
Andreas Schulze -
Carsten Strotmann (sys4) -
Viktor Dukhovni