NAME
sq network dane generate - Generate DANE records for the given domain and certs
SYNOPSIS
sq network dane generate [OPTIONS] FQDN CERT-RING
DESCRIPTION
Generate DANE records for the given domain and certs.
The certificates are minimized, and one record per email address is emitted. If multiple user IDs map to one email address, then all matching user IDs are included in the emitted certificates.
By default, OPENPGPKEY resource records are emitted. If your DNS server doesn’t understand those, use ’--generic’ to emit generic records instead.
OPTIONS
Subcommand
options
--generic
Emit generic resource records [default: OPENPGPKEY records]
-s, --skip
Skip expired certificates and those that do not have User IDs for given domain.
--size-limit=BYTES
Try to shrink the certificates to this size
--ttl=DURATION
Set the TTL (maximum cache duration) of the resource records
|
FQDN |
Generate DANE records for this domain name |
CERT-RING
Emit records for certificates from CERT-RING (or stdin if omitted)
Global
options
See sq(1) for a description of the global
options.
EXAMPLES
Generate DANE records from certs.pgp for example.com.
sq dane generate example.com certs.pgp
SEE ALSO
sq(1), sq-network(1), sq-network-dane(1).
For the full documentation see <https://book.sequoia-pgp.org>;.
VERSION
0.34.0 (sequoia-openpgp 1.19.0)