Setting up Dane again from start
Frank Fiene
ffiene at veka.com
Wed Feb 11 12:07:40 CET 2015
Hi,
Just from the start, I did the following steps:
1.) Our DNS provider has secured the domain veka.com with DNSSEC: http://dnssec-debugger.verisignlabs.com/veka.com
2.) I’ve computed "openssl x509 -in mail.veka.com.crt -outform DER | openssl sha256" the 256-bit hash from the complete certificate chain which is used by Postfix as well.
04459a87d803ee5d2450114c09e8370dc51b27716431378cfa5560e153aed957
3.) Our DNS provider has added this to the domain and has signed it again (no idea why there is a blank!).
_*._tcp.mail.veka.com. 3600 IN TLSA 3 0 1 04459A87D803EE5D2450114C09E8370DC51B27716431378CFA5560E1 53AED957
4.) I am still getting the error https://dane.sys4.de/smtp/veka.com
IN TLSA 3 0 1 should be correct, right? I am using the whole certificate chain for the hash, the same certificate file I’ve configured within Postfix.
_*._tcp.mail.veka.com. should also be working!
So what might be the problem now?
Kind regards!
Frank
--
Frank Fiene
IT-Security Manager VEKA Group
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene at veka.com
http://www.veka.com
PGP-ID: 62112A51
PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51
Threema: VZK5NDWW
VEKA AG
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany
Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),
Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler,
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer
HRB 8282 AG Münster/District Court of Münster
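
An added example, not part of the original message: a Python check of a TLSA 3 0 1 record against a PEM file, following steps 2 and 3 above. The certificate bytes are constructed placeholders rather than real X.509 and the function names are hypothetical; the record and digest strings are the ones quoted in the message.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_certs(pem_text):
    """Return the DER bytes of every certificate block, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(pem_text)]

def tlsa_3_0_1(pem_text):
    """SHA-256 over the DER of the FIRST certificate only. `openssl x509`
    likewise reads just the first block of a chain file."""
    return hashlib.sha256(pem_certs(pem_text)[0]).hexdigest()

def parse_tlsa(rdata):
    """Split 'usage selector mtype hex...'. Whitespace inside the hex is
    allowed in presentation format (RFC 6698) and is joined before decoding."""
    usage, selector, mtype, *hex_parts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hex_parts))

def record_matches(pem_text, rdata):
    """True if a 3 0 1 record's data equals the digest of the first cert."""
    usage, selector, mtype, data = parse_tlsa(rdata)
    if (usage, selector, mtype) != (3, 0, 1):
        raise ValueError("only TLSA 3 0 1 is handled in this example")
    return data == bytes.fromhex(tlsa_3_0_1(pem_text))

def make_pem(der):
    """Wrap bytes in PEM armor (used only to build the constructed sample)."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed placeholder bytes standing in for a leaf and an issuer certificate.
LEAF = b"constructed-leaf-certificate-bytes"
ISSUER = b"constructed-issuer-certificate-bytes"
CHAIN_PEM = make_pem(LEAF) + make_pem(ISSUER)

# Values quoted in the message: the published record and the computed digest.
PAGE_RDATA = ("3 0 1 04459A87D803EE5D2450114C09E8370DC51B27716431378CFA5560E1"
              " 53AED957")
PAGE_DIGEST = "04459a87d803ee5d2450114c09e8370dc51b27716431378cfa5560e153aed957"

if __name__ == "__main__":
    print("certs in chain file:", len(pem_certs(CHAIN_PEM)))
    print("3 0 1 digest of first cert:", tlsa_3_0_1(CHAIN_PEM))
    print("record data equals quoted digest:",
          parse_tlsa(PAGE_RDATA)[3].hex() == PAGE_DIGEST)
```
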