tlsa - Online in the Cloud

Run tlsa in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command tlsa that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

Run in Ubuntu Run in Fedora Run in Windows Sim Run in MACOS Sim

PROGRAM:

NAME

tlsa - Create and verify RFC-6698 TLSA DNS records

SYNTAX

tlsa [-h] [--verify] [-create] [--version] [-4] [-6--insecure] [--resolv.conf
/PATH/TO/RESOLV.CONF] [--port PORT] [--protocol {tcp,udp,sctp}] [--ponly-rr] [--ca-cert
/PATH/TO/CERTSTORE ] [--rootkey /PATH/TO/ROOT.KEY ] [--quiet] [--certificate CERTIFICATE ]
[--output {rfc,generic,both}] [-usage {0,1,2,3} ] [--selector {0,1}] [-mtype {0,1,2} ]
hostname

DESCRIPTION

tlsa generates RFC-6698 TLSA DNS records. To generate these records for older nameserver
implementations that do not yet support the TLSA record, specify --output generic to
output the tlsa data in Generic Record (RFC-3597) format. Records are generated by
connecting to the website using SSL and grabbing the (EE) certificate and the CA chain.
Depending on the type and selector used, this information is used to generate TLSA
records. Currently. tlsa has no AXFR support for en-mass TLSA record generation.

OPTIONS

--create
Create a TLSA record

--verify
Verify a TLSA record

--protocol tcp | udp | sctp
Use a specific transport protocol (default: tcp)

--resolvconf FILE
Specify a custom resolv.conf file (default: /etc/resolv.conf)

--port PORT
Use specified port (default: 443)

--only-rr
Only print the DNS TLSA record

--certificate file.crt
Use specified certificate file, instead of retrieving the certificate from the server

--ca-cert directory
Use specified directory containing CA bundles for CA validation
(default:/etc/pki/tls/certs)

--rootkey filename
Use specified file to read the DNSSEC root key (in anchor or bind format)

--output rfc | generic | both
Output format of TLSA record. "TLSA" for rfc, "TYPE52" for generic (default: rfc)

--usage0 | 1 | 2 | 3
Usage type: public CA (0), EE match validated by public CA (1), private CA (2),
private EE (3) (default:3)

--selector0 | 1
The selector type describes what the type covers - full certificate (0) or public key
(1) (default:0)

--mtype0 | 1 | 2
Type of the TLSA data. Exact match on content (0), SHA256 (1) or SHA512 (2)
(default:0)

If neither create or verify is specified, create is used.

REQUIREMENTS

tlsa requires the following python libraries: unbound, m2crypto, argparse and ipaddr

Use tlsa online using onworks.net services