This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.
Port: 443
Domain name: johnscott.me
Checking Transcript:
Host: johnscott.me Port: 443 SNI: johnscott.me DNS TLSA RRset: qname: _443._tcp.johnscott.me. 3 1 1 3c2ac10bea704d0cb6ef440690535e563ba144dfc263d77ef0ebd62f2b5f82da 3 1 1 749668855d3b65315767373bf854461abb7848e3157a5dbca714eb50defe6d5b IP Addresses found: 2600:3c03::f03c:93ff:fef6:24 172.104.214.157 ## Checking johnscott.me 2600:3c03::f03c:93ff:fef6:24 port 443 DANE TLSA 3 1 1 [3c2ac10b..]: not checked DANE TLSA 3 1 1 [74966885..]: not checked Result: FAILED: dial tcp [2600:3c03::f03c:93ff:fef6:24]:443: connect: no route to host ## Checking johnscott.me 172.104.214.157 port 443 DANE TLSA 3 1 1 [3c2ac10b..]: FAIL did not match EE certificate DANE TLSA 3 1 1 [74966885..]: OK matched EE certificate ## Peer Certificate Chain: 0 CN=johnscott.me CN=E6,O=Let's Encrypt,C=US 1 CN=E6,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## PKIX Certificate Chain 0: 0 CN=johnscott.me CN=E6,O=Let's Encrypt,C=US 1 CN=E6,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=johnscott.me CN=E6,O=Let's Encrypt,C=US 1 CN=E6,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## TLS Connection Info: TLS version: 1.3 CipherSuite: TLS_AES_128_GCM_SHA256 ## End-Entity Certificate Info: X509 version: 3 Serial#: 5ad473c857da03b83f88c7c92002a8fd3a4 Subject: CN=johnscott.me Issuer: CN=E6,O=Let's Encrypt,C=US SAN dNSName: *.johnscott.me SAN dNSName: johnscott.me Signature Algorithm: ECDSA-SHA384 PublicKey Algorithm: ECDSA 510-Bits Inception: 2025-04-06 00:09:06 +0000 UTC Expiration: 2025-07-05 00:09:05 +0000 UTC KU: DigitalSignature EKU: ServerAuth ClientAuth Is CA?: false SKI: 23295582b5340238913d99b9652f0e5a3ad8e5f1 AKI: 9327469803a951688e98d6c44248db23bf5894d2 OSCP Servers: [http://e6.o.lencr.org] CA Issuer URL: [http://e6.i.lencr.org/] CRL Distribution: [http://e6.c.lencr.org/37.crl] Policy OIDs: [2.23.140.1.2.1] Result: DANE OK [1] Authentication succeeded for some (1 of 2) peers.