Deploy360 6 December 2013

Want To Quickly Create A TLSA Record For DANE / DNSSEC?

By Dan York, Director, Content and Web Strategy

Would you like to use the DANE protocol to secure your SSL/TLS certificate via DNSSEC?  If so, the first step is to generate and publish a “TLSA record” in DNS, and generating that record can be a stumbling block for some people.  While there are command-line tools such as the basic “openssl” or Paul Wouters’ “hash-slinger“, Shumon Huque recently released a web interface that lets you easily create a TLSA record.  As Shumon writes on his blog, the tool is at:

https://www.huque.com/bin/gen_tlsa

All you need to do is to set the type of TLSA record you want to create, paste in the X.509 certificate, and enter the appropriate port number, protocol and domain name.  Shumon’s script then generates the appropriate TLSA record that you can paste into your DNS zone file.
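To show what goes into such a record, here is an added Python sketch (not Shumon's script and not code from the original post) that builds the zone-file line from a PEM certificate, port, protocol and domain name. The function names, the `3 1 1` defaults and the sample input are assumptions of this example; the sample is a constructed DER skeleton, not a real certificate.

```python
import base64, hashlib, re

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and return the certificate's DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    return base64.b64decode("".join(m.group(1).split()))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert: bytes) -> bytes:
    """Return the SubjectPublicKeyInfo element (tag, length and value)."""
    _, pos, _ = read_tlv(cert, 0)          # enter Certificate
    _, pos, _ = read_tlv(cert, pos)        # enter tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                        # skip the optional [0] version
        pos = end
    for _field in range(5):                # serial, sig alg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def tlsa_record(pem, domain, port=443, proto="tcp", usage=3, selector=1, mtype=1):
    """Build a zone-file TLSA line; field values follow RFC 6698."""
    if usage not in range(4) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported usage/selector/matching type")
    der = pem_to_der(pem)
    data = der if selector == 0 else spki_der(der)   # 0 = full cert, 1 = public key
    if mtype:                                        # 0 = exact bytes, 1/2 = hash
        data = hashlib.new("sha256" if mtype == 1 else "sha512", data).digest()
    return f"_{port}._{proto}.{domain.rstrip('.')}. IN TLSA {usage} {selector} {mtype} {data.hex()}"

# Constructed stand-in with only the X.509 skeleton, not a real certificate.
SAMPLE_SPKI = bytes.fromhex("3003020107")
TBS = bytes.fromhex("a003020102" "020101" "3000" "3000" "3000" "3000") + SAMPLE_SPKI
SAMPLE_DER = bytes([0x30, len(TBS) + 2, 0x30, len(TBS)]) + TBS
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(tlsa_record(SAMPLE_PEM, "www.example.com"))
```

A record with selector 1 stays valid when the certificate is reissued with the same key pair, while a selector 0 record must be republished for every new certificate.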

Last year, Shumon wrote a post on “DNSSEC and Certificates” where he walked through how to do this using openssl on the command line – this latest post now builds on that to make it even easier.

It’s excellent that Shumon has made this tool available and we look forward to seeing many more TLSA records out there!  (If you have an SSL/TLS cert for your website, how about adding a TLSA record today?)
