TLSA Validation Failed
Mark Elkins
mje at posix.co.za
Tue Jul 14 11:27:06 CEST 2015
If Viktor speaks about TLSA/DANE - you should probably believe
him.... :-)
The way I create the TLSA 3 0 1 from a WEB certificate is:
cat cert.crt | openssl x509 -outform DER | openssl sha256
ie - the input is the ".crt" file.....
For reference purposes...
For email - you need a TLSA 311 Certificate.
cat cert.crt | openssl x509 -noout -pubkey | openssl pkey -pubin
-outform DER | openssl sha256
(all one line)
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
More information about the dane-users
mailing list