TLSA Validation Failed

Mark Elkins mje at
Tue Jul 14 12:55:03 CEST 2015

I presume he connected to your SSL protected website directly - using
openssl.... (almost a replacement for
   "telnet xn----ymcadjpj1at5o.xn--wgbh1c 443")

# openssl s_client -connect xn----ymcadjpj1at5o.xn--wgbh1c:443

Then - echo the server certificate part.... through the commands I gave

echo "-----BEGIN CERTIFICATE-----
[bit in the middle deleted due to 40K limit of message size]
> BXBpup6UrH+A4ikdAV+H2HKUwtLOtywjxcpKEPAOmAaGsnt0JwlTNJyyupEO6dCf
> 3xnY
> " | openssl x509 -outform DER  | openssl sha256

or equally do this all in one step - but I think this may actually
"hide" too much of the logic of what happens...

# openssl s_client -connect xn----ymcadjpj1at5o.xn--wgbh1c:443 | openssl x509 -outform DER | openssl sha256


On Tue, 2015-07-14 at 10:05 +0000, Abdelmeniem Tharwat wrote:
> Dear Mark,
> 	Thanks for your response. Actually, I am asking how Viktor generated the "correct" TLSA record, as my problem was in the record
> generated by the openssl command, which is like what you sent to me (the same TLSA record).
> It is working now, but might Viktor have time to send me how he generated the TLSA record?
> Thanks

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA:

More information about the dane-users mailing list
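
Added example, not part of the original message or of any dane-users tooling: the same PEM to DER to SHA-256 steps as the openssl pipeline above, plus a comparison against a published TLSA record in "usage selector mtype hex" form. The function names and the sample "certificate" are constructed for illustration; the field meanings (selector 0 = full certificate, matching type 1 = SHA-256, 2 = SHA-512) are those of RFC 6698.

```python
import hashlib
import re
import ssl

# Constructed stand-in for a certificate: arbitrary bytes in PEM armor, NOT a
# real X.509 certificate. Only the PEM -> DER -> hash path is exercised here.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
HASHES = {1: hashlib.sha256, 2: hashlib.sha512}  # RFC 6698 matching types


def cert_der(text: str) -> bytes:
    """Pull the first PEM certificate out of s_client-style output."""
    m = PEM_BLOCK.search(text)
    if m is None:
        raise ValueError("no PEM certificate found")
    return ssl.PEM_cert_to_DER_cert(m.group(0))


def tlsa_rdata(text: str, usage: int = 3, mtype: int = 1) -> str:
    """TLSA RDATA for selector 0 (full certificate), presentation form."""
    der = cert_der(text)
    if mtype == 0:
        data = der.hex()
    elif mtype in HASHES:
        data = HASHES[mtype](der).hexdigest()
    else:
        raise ValueError(f"unsupported matching type {mtype}")
    return f"{usage} 0 {mtype} {data}"


def matches(text: str, published: str) -> bool:
    """Compare a published 'usage selector mtype hex...' record to the cert."""
    fields = published.split()
    usage, selector, mtype = (int(f) for f in fields[:3])
    if selector != 0:
        raise ValueError("only selector 0 (full certificate) is handled")
    want = "".join(fields[3:]).lower()  # zone files may split or upcase hex
    return tlsa_rdata(text, usage, mtype).split()[3] == want


if __name__ == "__main__":
    print(tlsa_rdata(SAMPLE_PEM))
```

The digest is taken over the DER bytes, so hashing the PEM text itself gives a value that will not match the record.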