[ldns-users] TLSA verification using ldns-dane

A. Schulze sca at andreasschulze.de
Wed Jun 1 12:57:55 UTC 2016

Willem Toorop:

> You could collect the certificate with openssl s_client and then use
> ldns-dane to verify it.
> $ openssl s_client -connect nlnetlabs.nl:25 -starttls smtp | openssl  
> x509 >nlnetlabs.nl.smtp.crt
> $ ldns-dane -c nlnetlabs.nl.smtp.crt verify nlnetlabs.nl 25
> OU=Domain Control Validated, CN=*.nlnetlabs.nl dane-validated successfully

Thanks, that's what I could use


More information about the ldns-users mailing list