From f6cd4a5420c9e33a1044d2f705c4276f5f03e5e0 Mon Sep 17 00:00:00 2001
From: Max Grupper
Date: Wed, 23 Aug 2023 14:32:14 +0300
Subject: [PATCH 1/2] update command for obtaining tbscert hash
---
 docs/miscellaneous/create-dns-stamp.md | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/docs/miscellaneous/create-dns-stamp.md b/docs/miscellaneous/create-dns-stamp.md
index a215e9b65..9aaaff197 100644
--- a/docs/miscellaneous/create-dns-stamp.md
+++ b/docs/miscellaneous/create-dns-stamp.md
@@ -56,8 +56,16 @@ Types of Secure DNS include `DNS-over-HTTPS (DoH)`, `DNS-over-QUIC (DoQ)`, and `
 To fill in the **Hashes of the server's certificate** field, you can use the following command, replacing ``, ``, and `` with the corresponding values for your DNS server:
+For UNIX-like systems:
+
+```bash
+echo | openssl s_client -connect : -servername 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | sha256sum
+```
+
+For macOS:
+
 ```bash
-echo | openssl s_client -connect : -servername 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256
+echo | openssl s_client -connect : -servername 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | shasum -a 256
 ```
 :::caution
@@ -88,10 +96,10 @@ Let's go through an example of creating a stamp for AdGuard DNS using DoT:
 Execute the command
 ```bash
- echo | openssl s_client -connect 94.140.14.14:853 -servername dns.adguard-dns.com 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256
+ echo | openssl s_client -connect 94.140.14.14:853 -servername dns.adguard-dns.com 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | shasum -a 256
 ```
- The result is `a54670fda8ed13bded0a9515f35d0a2bed937e100aa6282703cb3b87282055ec`
+ The result is `1ebea9685d57a3063c427ac4f0983f34e73c129b06e7e7705640cacd40c371c8`
 Paste this SHA256 hash of the server's certificate into the field.
 4. Leave the Properties section blank.
From 0122ec2002e54146addd2bb30109ba00675c4931 Mon Sep 17 00:00:00 2001
From: Max Grupper
Date: Mon, 28 Aug 2023 13:38:39 +0300
Subject: [PATCH 2/2] simplify
---
 docs/miscellaneous/create-dns-stamp.md | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/docs/miscellaneous/create-dns-stamp.md b/docs/miscellaneous/create-dns-stamp.md
index 9aaaff197..efc6bf628 100644
--- a/docs/miscellaneous/create-dns-stamp.md
+++ b/docs/miscellaneous/create-dns-stamp.md
@@ -56,16 +56,8 @@ Types of Secure DNS include `DNS-over-HTTPS (DoH)`, `DNS-over-QUIC (DoQ)`, and `
 To fill in the **Hashes of the server's certificate** field, you can use the following command, replacing ``, ``, and `` with the corresponding values for your DNS server:
-For UNIX-like systems:
-
-```bash
-echo | openssl s_client -connect : -servername 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | sha256sum
-```
-
-For macOS:
-
 ```bash
-echo | openssl s_client -connect : -servername 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | shasum -a 256
+echo | openssl s_client -connect : -servername 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | openssl dgst -sha256
 ```
 :::caution
@@ -96,7 +88,7 @@ Let's go through an example of creating a stamp for AdGuard DNS using DoT:
 Execute the command
 ```bash
- echo | openssl s_client -connect 94.140.14.14:853 -servername dns.adguard-dns.com 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | shasum -a 256
+ echo | openssl s_client -connect 94.140.14.14:853 -servername dns.adguard-dns.com 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse 4 -noout -out - | openssl dgst -sha256
 ```
 The result is `1ebea9685d57a3063c427ac4f0983f34e73c129b06e7e7705640cacd40c371c8`