Check a DANE TLS Service

This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.

Port: 5223
Domain name: chatrix.one
Name Check for DANE-EE: on

DANE Authentication Successful.


Checking Transcript:

Host: chatrix.one Port: 5223
SNI: chatrix.one
DNS TLSA RRset:
  qname: _5223._tcp.chatrix.one.
  3 1 1 6c56fd6de8f0a3ccd7e20d9ad3c056ae17957d25ed2615cac226293209a7ee67
IP Addresses found:
  140.238.214.118

## Checking chatrix.one 140.238.214.118 port 5223
DANE TLSA 3 1 1 [6c56fd6d..]: OK matched EE certificate
## Peer Certificate Chain:
   0 CN=chatrix.one
     CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
   1 CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
     CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
   2 CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
     CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
## PKIX Certificate Chain 0:
   0 CN=chatrix.one
     CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
   1 CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
     CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
   2 CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
     CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
## PKIX Certificate Chain 1:
   0 CN=chatrix.one
     CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
   1 CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
     CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
   2 CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
     CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
   3 CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
     CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
## DANE Certificate Chain 0:
   0 CN=chatrix.one
     CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
   1 CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
     CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
   2 CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
     CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
## TLS Connection Info:
   TLS version: 1.3
   CipherSuite: TLS_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 3
   Serial#: cbf8a1aff27bf4dee6912166b2aacb27
   Subject: CN=chatrix.one
   Issuer:  CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT
   SAN dNSName: chatrix.one
   SAN dNSName: conference.chatrix.one
   SAN dNSName: proxy.chatrix.one
   SAN dNSName: pubsub.chatrix.one
   SAN dNSName: upload.chatrix.one
   Signature Algorithm: SHA384-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2025-01-22 00:00:00 +0000 UTC
   Expiration: 2025-04-22 23:59:59 +0000 UTC
   KU: KeyEncipherment DigitalSignature
   EKU: ServerAuth ClientAuth
   Is CA?: false
   SKI: 84238b63488859d6e9a5fab3a4156a5adf63dd47
   AKI: c8d97868a2d91968d53d72de5f0a3edcb58686a6
   OSCP Servers: [http://zerossl.ocsp.sectigo.com]
   CA Issuer URL: [http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt]
   CRL Distribution: []
   Policy OIDs: [1.3.6.1.4.1.6449.1.2.2.78 2.23.140.1.2.1]
Result: DANE OK

[0] Authentication succeeded for all (1) peers.




Check another DANE service?


Other DANE Tools


References