my $country = prompt('What is the ISO 3166-1 code for the country you are located in?', 'XZ');
my $days = prompt('How many days do you want your certificate to be valid for?', '365');
+# Contains the SSL certificate in DER form.
+my $dercert;
+
# Contains the exit code of openssl/gnutls-certtool.
my $status = 0;
$status ||= system "$certtool --generate-privkey --outfile key.pem";
$status ||= system "$certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem --template $tmp";
$status ||= system "$certtool --generate-dh-params --bits 2048 --outfile dhparams.pem";
+ $dercert = `$certtool --certificate-info --infile cert.pem --outder` unless $status;
} elsif ($tool eq 'openssl') {
my $tmp = new File::Temp();
print $tmp <<__OPENSSL_END__;
close($tmp);
$status ||= system "cat $tmp | openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days $days 2>/dev/null";
$status ||= system 'openssl dhparam -out dhparams.pem 2048';
+ $dercert = `openssl x509 -in cert.pem -outform DER` unless $status;
}
if ($status) {
print STDERR "SSL generation failed: $tool exited with a non-zero status!\n";
exit 1;
}
+
+if (defined $dercert && eval 'use Digest::SHA; 1') {
+ my $hash = Digest::SHA->new(256);
+ $hash->add($dercert);
+ print "\nAdd this TLSA record to your domain for DANE support:\n";
+ print "_6697._tcp." . $common_name . " TLSA 3 0 1 " . $hash->hexdigest . "\n";
+}