Maddy: Difference between revisions
imported>Onny mNo edit summary |
imported>Onny Add note on how to verify DANE TLSA record |
||
| Line 152: | Line 152: | ||
Using a TLSA (DANE) record is recommended to bind TLS-certificates to a server. You can generate the key using following command | Using a TLSA (DANE) record is recommended to bind TLS-certificates to a server. You can generate the key using following command | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
# nix shell nixpkgs#hash-slinger --command tlsa --create --selector 1 --protocol tcp -p 25 --create mx1.example.org | # nix shell nixpkgs#hash-slinger --command tlsa --create --selector 1 --protocol tcp -p 25 --create mx1.example.org | ||
| Line 164: | Line 165: | ||
''; | ''; | ||
</nowiki>}} | </nowiki>}} | ||
To verify if the record is set correctly | |||
<syntaxhighlight lang="console"> | |||
# nix shell nixpkgs#dnsutils --command dig _25._tcp.mx1.example.org TLSA +short | |||
3 1 1 0F35F6CEAF10B4537989E16D3DAD170D83FD59BCF4C4562E581AABB4 CC159A32 | |||
</syntaxhighlight> | |||
=== Managing users and inboxes === | === Managing users and inboxes === | ||