TLSA Validation Failed

Mark Elkins mje at
Tue Jul 14 11:27:06 CEST 2015

If Viktor speaks about TLSA/DANE - you should probably believe
him....  :-)

The way I create the  TLSA 3 0 1 from a WEB certificate is:

cat cert.crt | openssl x509 -outform DER  | openssl sha256

ie - the input is the ".crt" file.....

For reference purposes...
For email - you need a TLSA 311 Certificate.

cat cert.crt | openssl x509 -noout -pubkey | openssl pkey -pubin
-outform DER | openssl sha256

(all one line)

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA:

More information about the dane-users mailing list