On 23/12/15 18:01, Jeremy Harris wrote:
> ... but you do need to get that CA cert into a file which is a
> pain if it's not a private-CA. I need to work up a decent method
> for generating a TA-mode TLSA for a random site using a public-CA.
One hacking incident later:
openssl s_client -connect <SERVER-HOST>:25 -starttls smtp -showcerts
2>/dev/null \
| awk '/-----BEGIN CERTIFICATE-----/ { c=""; p=1 } /-----END CERTIFICATE-----/
{c = c $0 "\n"; p=0 } { if (p>0) c = c $0 "\n"; } END { print c }' \
| openssl x509 -fingerprint -sha256 -noout \
| awk -F= '{print $2}' \
| tr -d : | tr '[A-F]' '[a-f]'
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
