Wednesday, October 23, 2013

TLSA Record Generator

Last year I wrote a blog article on DNSSEC and Certificates. Occasionally I get questions from folks who've tried to follow my instructions to create the content of TLSA records, but have failed because they are using a version of openssl that is too old to generate SHA-256 and SHA-512 hashes.

I've written a small web application to help generate TLSA records. I hope this is of use to some folks:

(I apologize in advance for my rather primitive webpage design skills!)

Here is a screenshot of it in action to generate the TLSA record for my own website:

And the resulting TLSA record that was generated:

-- Shumon Huque


  1. After going over a handful of the blog articles on your website, I truly appreciate your technique of writing a blog. I bookmarked it to my bookmark webpage list and will be checking back in the near future. Please check out my website as well and let me know what you think.