-
Use csplit to split the full chain.
$ csplit -f cert- /etc/letsencrypt/live/path/to/fullchain.pem '/-----BEGIN CERTIFICATE-----/' '{*}'
-
Get the hashes from the parts
$ openssl x509 -noout -in cert-00 -pubkey | openssl rsa -pubin -outform der |openssl dgst -sha256 -binary | base64
-
Update nginx headers
add_header Public-Key-Pins 'pin-sha256="xDzXdAop5winlAbC7dqKey6pJyaV7Sk+wbSOx8z49cE="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; max-age=5184000; includeSubDomains';
Created
April 14, 2017 16:22
-
-
Save ngerakines/eeae6c7b5ce58a85f9fb55437d90234f to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment