Generate HPKP or TLSA fingerprint

hpkp-tlsa.sh

#!/bin/bash
# Uses pkey instead of rsa so it also works with ecc certs
case "$1" in
hpkp)
        case "$2" in
        key)
                openssl pkey -in "$3" -outform der -pubout 2>/dev/null | openssl dgst -sha256 -binary | openssl enc -base64
                ;;
        csr)
                openssl req -in "$3" -pubkey -noout | openssl pkey -pubin -outform der 2>/dev/null | openssl dgst -sha256 -binary | openssl enc -base64
                ;;
        crt)
                openssl x509 -in "$3" -pubkey -noout | openssl pkey -pubin -outform der 2>/dev/null | openssl dgst -sha256 -binary | openssl enc -base64
                ;;
        esac
        ;;
tlsa)
        case "$2" in
        key)
                openssl pkey -in "$3" -outform der -pubout 2>/dev/null | openssl dgst -sha512 -hex
                ;;
        csr)
                openssl req -in "$3" -pubkey -noout | openssl pkey -pubin -outform der 2>/dev/null | openssl dgst -sha512 -hex
                ;;
        crt)
                openssl x509 -in "$3" -pubkey -noout | openssl pkey -pubin -outform der 2>/dev/null | openssl dgst -sha512 -hex
                ;;
        esac
        ;;
esac