Hello, I had some trouble finding out how to extract the SPKI from an x.509 certificate to use in TLSA records. I stumbled upon https://www.huque.com/bin/gen_tlsa and based on matching the output, I came up with the openssl/sha256sum command lines listed below. The first one is based on the private key file and the second on an x.509 certificate that contains the same public key. Can someone verify these produce the correct results for use with tlsa dane-ee spki sha-256 records? Naturally these exact syntaxes only work for RSA keys.
from private key: openssl rsa -in private.key -outform der -pubout |sha256sum from x509 certificate: openssl x509 -in x509.crt -pubkey -noout|openssl rsa -pubin -outform der|sha256sum Tapio _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
