sq-network-dane-generate - Man Page
Generate DANE records for the given domain and certs
Synopsis
sq network dane generate [Options] FQDN CERT-RING
Description
Generate DANE records for the given domain and certs.
The certificates are minimized, and one record per email address is emitted. If multiple user IDs map to one email address, then all matching user IDs are included in the emitted certificates.
By default, OPENPGPKEY resource records are emitted. If your DNS server doesn't understand those, use `--generic` to emit generic records instead.
Options
Subcommand options
- --generic
Emit generic resource records [default: OPENPGPKEY records]
- --size-limit=BYTES
Try to shrink the certificates to this size
[default: 12288]
- --skip
Skip expired certificates and those that do not have User IDs for given domain.
- --ttl=DURATION
Set the TTL (maximum cache duration) of the resource records
[default: 10800]
- FQDN
Generate DANE records for this domain name
- CERT-RING
Emit records for certificates from CERT-RING (or stdin if omitted)
[default: -]
Global options
See sq(1) for a description of the global options.
Examples
Generate DANE records from juliet.pgp for example.org.
sq network dane generate example.org juliet.pgp
See Also
sq(1), sq-network(1), sq-network-dane(1).
For the full documentation see <https://book.sequoia-pgp.org>.
Version
0.38.0 (sequoia-openpgp 1.21.2)