This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.
Port: 443
Domain name: rdap.centralnic.com
Checking Transcript:
Host: rdap.centralnic.com Port: 443
SNI: rdap.centralnic.com
DNS TLSA RRset:
qname: _443._tcp.rdap.centralnic.com.
2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
IP Addresses found:
2a04:2b00:119::c:110
2a04:2b00:119::c:10
119.252.181.110
119.252.181.10
## Checking rdap.centralnic.com 2a04:2b00:119::c:110 port 443
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
2 CN=DST Root CA X3,O=Digital Signature Trust Co.
CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
TLS version: TLS1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
X509 version: 3
Serial#: 4c6437c8e52c2c6f0b83b5d9b32600f289a
Subject: CN=console.centralnic.com
Issuer: CN=R3,O=Let's Encrypt,C=US
SAN dNSName: console.centralnic.com
SAN dNSName: manage.centralnic.com
SAN dNSName: mls.centralnic.com
SAN dNSName: ote-console.centralnic.com
SAN dNSName: ote-registry-api.centralnic.com
SAN dNSName: portal.centralnic.com
SAN dNSName: portal.centralnicregistry.com
SAN dNSName: portal.ote.centralnicregistry.com
SAN dNSName: portal.prod.centralnic.com
SAN dNSName: portal.prod.centralnicregistry.com
SAN dNSName: rdap-ote.centralnic.com
SAN dNSName: rdap.centralnic.com
SAN dNSName: registrar-console.centralnic.com
SAN dNSName: registrar-ftp.centralnic.com
SAN dNSName: registry-api.centralnic.com
SAN dNSName: search-whois-xmlrpc.centralnic.com
SAN dNSName: search-whois.centralnic.com
SAN dNSName: sni.centralnic.com
SAN dNSName: whois-ote.centralnic.com
SAN dNSName: whois.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2021-04-15 14:17:27 +0000 UTC
Expiration: 2021-07-14 14:17:27 +0000 UTC
KU: DigitalSignature KeyEncipherment
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 6d397e44bfd5aa29b1e366ce8c346ad6cf187efa
AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6
OSCP Servers: [http://r3.o.lencr.org]
CA Issuer URL: [http://r3.i.lencr.org/]
CRL Distribution: []
Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK
## Checking rdap.centralnic.com 2a04:2b00:119::c:10 port 443
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
2 CN=DST Root CA X3,O=Digital Signature Trust Co.
CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
TLS version: TLS1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
X509 version: 3
Serial#: 4c6437c8e52c2c6f0b83b5d9b32600f289a
Subject: CN=console.centralnic.com
Issuer: CN=R3,O=Let's Encrypt,C=US
SAN dNSName: console.centralnic.com
SAN dNSName: manage.centralnic.com
SAN dNSName: mls.centralnic.com
SAN dNSName: ote-console.centralnic.com
SAN dNSName: ote-registry-api.centralnic.com
SAN dNSName: portal.centralnic.com
SAN dNSName: portal.centralnicregistry.com
SAN dNSName: portal.ote.centralnicregistry.com
SAN dNSName: portal.prod.centralnic.com
SAN dNSName: portal.prod.centralnicregistry.com
SAN dNSName: rdap-ote.centralnic.com
SAN dNSName: rdap.centralnic.com
SAN dNSName: registrar-console.centralnic.com
SAN dNSName: registrar-ftp.centralnic.com
SAN dNSName: registry-api.centralnic.com
SAN dNSName: search-whois-xmlrpc.centralnic.com
SAN dNSName: search-whois.centralnic.com
SAN dNSName: sni.centralnic.com
SAN dNSName: whois-ote.centralnic.com
SAN dNSName: whois.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2021-04-15 14:17:27 +0000 UTC
Expiration: 2021-07-14 14:17:27 +0000 UTC
KU: KeyEncipherment DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 6d397e44bfd5aa29b1e366ce8c346ad6cf187efa
AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6
OSCP Servers: [http://r3.o.lencr.org]
CA Issuer URL: [http://r3.i.lencr.org/]
CRL Distribution: []
Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK
## Checking rdap.centralnic.com 119.252.181.110 port 443
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
2 CN=DST Root CA X3,O=Digital Signature Trust Co.
CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
TLS version: TLS1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
X509 version: 3
Serial#: 4c6437c8e52c2c6f0b83b5d9b32600f289a
Subject: CN=console.centralnic.com
Issuer: CN=R3,O=Let's Encrypt,C=US
SAN dNSName: console.centralnic.com
SAN dNSName: manage.centralnic.com
SAN dNSName: mls.centralnic.com
SAN dNSName: ote-console.centralnic.com
SAN dNSName: ote-registry-api.centralnic.com
SAN dNSName: portal.centralnic.com
SAN dNSName: portal.centralnicregistry.com
SAN dNSName: portal.ote.centralnicregistry.com
SAN dNSName: portal.prod.centralnic.com
SAN dNSName: portal.prod.centralnicregistry.com
SAN dNSName: rdap-ote.centralnic.com
SAN dNSName: rdap.centralnic.com
SAN dNSName: registrar-console.centralnic.com
SAN dNSName: registrar-ftp.centralnic.com
SAN dNSName: registry-api.centralnic.com
SAN dNSName: search-whois-xmlrpc.centralnic.com
SAN dNSName: search-whois.centralnic.com
SAN dNSName: sni.centralnic.com
SAN dNSName: whois-ote.centralnic.com
SAN dNSName: whois.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2021-04-15 14:17:27 +0000 UTC
Expiration: 2021-07-14 14:17:27 +0000 UTC
KU: KeyEncipherment DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 6d397e44bfd5aa29b1e366ce8c346ad6cf187efa
AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6
OSCP Servers: [http://r3.o.lencr.org]
CA Issuer URL: [http://r3.i.lencr.org/]
CRL Distribution: []
Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK
## Checking rdap.centralnic.com 119.252.181.10 port 443
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
0 CN=console.centralnic.com
CN=R3,O=Let's Encrypt,C=US
1 CN=R3,O=Let's Encrypt,C=US
CN=DST Root CA X3,O=Digital Signature Trust Co.
2 CN=DST Root CA X3,O=Digital Signature Trust Co.
CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
TLS version: TLS1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
X509 version: 3
Serial#: 4c6437c8e52c2c6f0b83b5d9b32600f289a
Subject: CN=console.centralnic.com
Issuer: CN=R3,O=Let's Encrypt,C=US
SAN dNSName: console.centralnic.com
SAN dNSName: manage.centralnic.com
SAN dNSName: mls.centralnic.com
SAN dNSName: ote-console.centralnic.com
SAN dNSName: ote-registry-api.centralnic.com
SAN dNSName: portal.centralnic.com
SAN dNSName: portal.centralnicregistry.com
SAN dNSName: portal.ote.centralnicregistry.com
SAN dNSName: portal.prod.centralnic.com
SAN dNSName: portal.prod.centralnicregistry.com
SAN dNSName: rdap-ote.centralnic.com
SAN dNSName: rdap.centralnic.com
SAN dNSName: registrar-console.centralnic.com
SAN dNSName: registrar-ftp.centralnic.com
SAN dNSName: registry-api.centralnic.com
SAN dNSName: search-whois-xmlrpc.centralnic.com
SAN dNSName: search-whois.centralnic.com
SAN dNSName: sni.centralnic.com
SAN dNSName: whois-ote.centralnic.com
SAN dNSName: whois.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2021-04-15 14:17:27 +0000 UTC
Expiration: 2021-07-14 14:17:27 +0000 UTC
KU: KeyEncipherment DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 6d397e44bfd5aa29b1e366ce8c346ad6cf187efa
AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6
OSCP Servers: [http://r3.o.lencr.org]
CA Issuer URL: [http://r3.i.lencr.org/]
CRL Distribution: []
Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK
[0] Authentication succeeded for all (4) peers.