Re: [exim] Next Exim release

On 23/12/15 18:01, Jeremy Harris wrote:
> ... but you do need to get that CA cert into a file which is a
> pain if it's not a private-CA. I need to work up a decent method
> for generating a TA-mode TLSA for a random site using a public-CA.

One hacking incident later:

openssl s_client -connect <SERVER-HOST>:25 -starttls smtp -showcerts 2>/dev/null \
| awk '/-----BEGIN CERTIFICATE-----/ { c=""; p=1 } /-----END CERTIFICATE-----/ {c = c $0 "\n"; p=0 } { if (p>0) c = c $0 "\n"; } END { print c }' \
| openssl x509 -fingerprint -sha256 -noout \
| awk -F= '{print $2}' \
| tr -d : | tr '[A-F]' '[a-f]'

--
Cheers,
Jeremy