Maddy: Difference between revisions
imported>Onny Switch to smtps for hash-slinger tlsa command |
imported>Onny mNo edit summary |
||
| Line 123: | Line 123: | ||
Using a TLSA (DANE) record is recommended to bind TLS-certificates to a server. You can generate the key using following command | Using a TLSA (DANE) record is recommended to bind TLS-certificates to a server. You can generate the key using following command | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
# nix shell nixpkgs#hash-slinger --command tlsa --create --selector 1 --protocol tcp -p | # nix shell nixpkgs#hash-slinger --command tlsa --create --selector 1 --protocol tcp -p 25 --create mx1.example.org | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 131: | Line 131: | ||
services.nsd.zones."example.org.".data = '' | services.nsd.zones."example.org.".data = '' | ||
[...] | [...] | ||
_25._tcp.mx1.example.org. TLSA 3 1 1 7f59d873a70e224b184c95a4eb54caa9621e47d48b4a25d312d83d96e3498238 | |||
''; | ''; | ||
</nowiki>}} | </nowiki>}} | ||