Last year I wrote a blog article on DNSSEC and Certificates. Occasionally I get questions from folks who've tried to follow my instructions to create the content of TLSA records, but have failed because they are using a version of openssl that is too old to generate SHA-256 and SHA-512 hashes.
I've written a small web application to help generate TLSA records. I hope this is of use to some folks:
https://www.huque.com/bin/gen_tlsa
(I apologize in advance for my rather primitive webpage design skills!)
Here is a screenshot of it in action to generate the TLSA record for my own website:
And the resulting TLSA record that was generated:
-- Shumon Huque
I've written a small web application to help generate TLSA records. I hope this is of use to some folks:
https://www.huque.com/bin/gen_tlsa
(I apologize in advance for my rather primitive webpage design skills!)
Here is a screenshot of it in action to generate the TLSA record for my own website:
And the resulting TLSA record that was generated:
-- Shumon Huque
