tip for generating tls_fingerprints

2017-10-24 18:49:44 +01:00 · 2017-10-24 18:49:44 +01:00 · efd0f5a3c5
parent 9e2c22c97f
commit efd0f5a3c5
1 changed files with 6 additions and 0 deletions
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@ -109,6 +109,12 @@ class TlsConfig(Config):
        # key. It may be necessary to publish the fingerprints of a new
        # certificate and wait until the "valid_until_ts" of the previous key
        # responses have passed before deploying it.
+        #
+        # You can calculate a fingerprint from a given TLS listener via:
+        # openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
+        #   openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
+        # or by checking matrix.org/federationtester/api/report?server_name=$host
+        #
        tls_fingerprints: []
        # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
        """ % locals()