Check a DANE TLS Service

This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.

Other DANE Tools

Check a DANE TLS SMTP Service
Generate a DNS TLSA record
Generate a DNS OPENPGPKEY record
DANE TLS Test Sites

References

RFC 6698: DANE and TLSA record specification, August 2012
RFC 7671: DANE Protocol: Updates and Operational Guidance
RFC 7672: SMTP Security via opportunistic DANE TLS
Unknown Key-Share Attacks on DANE
DNSSEC and Certificates; October 19 2012
How DANE Strengthens Security for TLS, S/MIME, and Other Applications; November 2015
Whither DANE? -- APNIC Blog; July 05 2019
Shumon Huque's website