Skip to content

Instantly share code, notes, and snippets.

@dkrusky

dkrusky/get-letsencrypt-key-pin.sh

Last active December 20, 2018 20:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dkrusky/d26ee02d3172c2fdf791856636f1f86b to your computer and use it in GitHub Desktop.
Save dkrusky/d26ee02d3172c2fdf791856636f1f86b to your computer and use it in GitHub Desktop.
Download ZIP
LetsEncrypt get sha256 keypin headers for HSTS/HPKP apache2
Raw
get-letsencrypt-key-pin.sh
#!/bin/bash
HPKP=`openssl x509 -in /etc/letsencrypt/live/"$1"/cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64`
echo "<IfModule mod_headers.c>"
echo " Header Always set Strict-Transport-Security \"max-age=31536000; includeSubdomains; preload\" env=HTTPS"
echo " Header always set Public-Key-Pins \"pin-sha256=\\\"$HPKP\\\"; max-age=5184000"
echo "</IfModule>"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment