This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.
Port: 443
Domain name: rdap.centralnic.com
Checking Transcript:
Host: rdap.centralnic.com Port: 443
SNI: rdap.centralnic.com
DNS TLSA RRset:
qname: _443._tcp.rdap.centralnic.com.
2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
0 1 1 7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461
0 1 1 f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5
0 1 1 36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9
0 1 1 2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92
2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
0 1 1 fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2
2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
IP Addresses found:
2a05:d018:1052:aa00:e6af:f23a:8a22:eab3
2a05:d018:1052:aa01:a9e9:8d14:2768:d17a
63.35.170.235
34.253.87.182
## Checking rdap.centralnic.com 2a05:d018:1052:aa00:e6af:f23a:8a22:eab3 port 443
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [2b071c59..]: OK matched TA certificate at depth 3
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [fbe30180..]: OK matched TA certificate at depth 2
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## PKIX Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
## PKIX Certificate Chain 1:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
3 CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## DANE Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## TLS Connection Info:
TLS version: 1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## End-Entity Certificate Info:
X509 version: 3
Serial#: 236210cdcf77f3227a4a90181fb477f
Subject: CN=rdap.centralnicregistry.com
Issuer: CN=Amazon RSA 2048 M02,O=Amazon,C=US
SAN dNSName: rdap.centralnicregistry.com
SAN dNSName: rdap.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2025-01-09 00:00:00 +0000 UTC
Expiration: 2026-02-08 23:59:59 +0000 UTC
KU: KeyEncipherment DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 7eecac1eea48581868b547bb84412ca0d5a2c5da
AKI: c03152cd5a50c3827c7471cecbe99cf97aeb82e2
OSCP Servers: [http://ocsp.r2m02.amazontrust.com]
CA Issuer URL: [http://crt.r2m02.amazontrust.com/r2m02.cer]
CRL Distribution: [http://crl.r2m02.amazontrust.com/r2m02.crl]
Policy OIDs: [2.23.140.1.2.1]
Result: DANE OK
## Checking rdap.centralnic.com 2a05:d018:1052:aa01:a9e9:8d14:2768:d17a port 443
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [2b071c59..]: OK matched TA certificate at depth 3
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [fbe30180..]: OK matched TA certificate at depth 2
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## PKIX Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
## PKIX Certificate Chain 1:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
3 CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## DANE Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## TLS Connection Info:
TLS version: 1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## End-Entity Certificate Info:
X509 version: 3
Serial#: 236210cdcf77f3227a4a90181fb477f
Subject: CN=rdap.centralnicregistry.com
Issuer: CN=Amazon RSA 2048 M02,O=Amazon,C=US
SAN dNSName: rdap.centralnicregistry.com
SAN dNSName: rdap.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2025-01-09 00:00:00 +0000 UTC
Expiration: 2026-02-08 23:59:59 +0000 UTC
KU: KeyEncipherment DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 7eecac1eea48581868b547bb84412ca0d5a2c5da
AKI: c03152cd5a50c3827c7471cecbe99cf97aeb82e2
OSCP Servers: [http://ocsp.r2m02.amazontrust.com]
CA Issuer URL: [http://crt.r2m02.amazontrust.com/r2m02.cer]
CRL Distribution: [http://crl.r2m02.amazontrust.com/r2m02.crl]
Policy OIDs: [2.23.140.1.2.1]
Result: DANE OK
## Checking rdap.centralnic.com 63.35.170.235 port 443
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [2b071c59..]: OK matched TA certificate at depth 3
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [fbe30180..]: OK matched TA certificate at depth 2
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## PKIX Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
## PKIX Certificate Chain 1:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
3 CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## DANE Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## TLS Connection Info:
TLS version: 1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## End-Entity Certificate Info:
X509 version: 3
Serial#: 236210cdcf77f3227a4a90181fb477f
Subject: CN=rdap.centralnicregistry.com
Issuer: CN=Amazon RSA 2048 M02,O=Amazon,C=US
SAN dNSName: rdap.centralnicregistry.com
SAN dNSName: rdap.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2025-01-09 00:00:00 +0000 UTC
Expiration: 2026-02-08 23:59:59 +0000 UTC
KU: DigitalSignature KeyEncipherment
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 7eecac1eea48581868b547bb84412ca0d5a2c5da
AKI: c03152cd5a50c3827c7471cecbe99cf97aeb82e2
OSCP Servers: [http://ocsp.r2m02.amazontrust.com]
CA Issuer URL: [http://crt.r2m02.amazontrust.com/r2m02.cer]
CRL Distribution: [http://crl.r2m02.amazontrust.com/r2m02.crl]
Policy OIDs: [2.23.140.1.2.1]
Result: DANE OK
## Checking rdap.centralnic.com 34.253.87.182 port 443
DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [2b071c59..]: OK matched TA certificate at depth 3
DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate
DANE TLSA 2 1 1 [8d02536c..]: FAIL did not match any TA certificate
DANE TLSA 0 1 1 [fbe30180..]: OK matched TA certificate at depth 2
DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate
## Peer Certificate Chain:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## PKIX Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
## PKIX Certificate Chain 1:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
3 CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## DANE Certificate Chain 0:
0 CN=rdap.centralnicregistry.com
CN=Amazon RSA 2048 M02,O=Amazon,C=US
1 CN=Amazon RSA 2048 M02,O=Amazon,C=US
CN=Amazon Root CA 1,O=Amazon,C=US
2 CN=Amazon Root CA 1,O=Amazon,C=US
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
## TLS Connection Info:
TLS version: 1.2
CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## End-Entity Certificate Info:
X509 version: 3
Serial#: 236210cdcf77f3227a4a90181fb477f
Subject: CN=rdap.centralnicregistry.com
Issuer: CN=Amazon RSA 2048 M02,O=Amazon,C=US
SAN dNSName: rdap.centralnicregistry.com
SAN dNSName: rdap.centralnic.com
Signature Algorithm: SHA256-RSA
PublicKey Algorithm: RSA 2048-Bits
Inception: 2025-01-09 00:00:00 +0000 UTC
Expiration: 2026-02-08 23:59:59 +0000 UTC
KU: DigitalSignature KeyEncipherment
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 7eecac1eea48581868b547bb84412ca0d5a2c5da
AKI: c03152cd5a50c3827c7471cecbe99cf97aeb82e2
OSCP Servers: [http://ocsp.r2m02.amazontrust.com]
CA Issuer URL: [http://crt.r2m02.amazontrust.com/r2m02.cer]
CRL Distribution: [http://crl.r2m02.amazontrust.com/r2m02.crl]
Policy OIDs: [2.23.140.1.2.1]
Result: DANE OK
[0] Authentication succeeded for all (4) peers.