Check a DANE TLS Service

This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.

Port: 443
Domain name: rdap.centralnic.com

DANE Authentication Successful.


Checking Transcript:

Host: rdap.centralnic.com Port: 443
SNI: rdap.centralnic.com
DNS TLSA RRset:
  qname: _443._tcp.rdap.centralnic.com.
  2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
IP Addresses found:
  2a04:2b00:119::c:10
  2a04:2b00:119::c:110
  119.252.181.110
  119.252.181.10

## Checking rdap.centralnic.com 2a04:2b00:119::c:10 port 443
DANE TLSA 2 1 1 [60b87575..]: OK matched TA certificate at depth 1
## Peer Certificate Chain:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
   2 CN=DST Root CA X3,O=Digital Signature Trust Co.
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
   TLS version: TLS1.2
   CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 3
   Serial#: 327b82280eaa809c135985e301f74055503
   Subject: CN=console.centralnic.com
   Issuer:  CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   SAN dNSName: console.centralnic.com
   SAN dNSName: manage.centralnic.com
   SAN dNSName: mls.centralnic.com
   SAN dNSName: ote-console.centralnic.com
   SAN dNSName: ote-registry-api.centralnic.com
   SAN dNSName: portal.centralnic.com
   SAN dNSName: portal.centralnicregistry.com
   SAN dNSName: portal.ote.centralnicregistry.com
   SAN dNSName: portal.prod.centralnic.com
   SAN dNSName: portal.prod.centralnicregistry.com
   SAN dNSName: rdap-ote.centralnic.com
   SAN dNSName: rdap.centralnic.com
   SAN dNSName: registrar-console.centralnic.com
   SAN dNSName: registrar-ftp.centralnic.com
   SAN dNSName: registry-api.centralnic.com
   SAN dNSName: search-whois-xmlrpc.centralnic.com
   SAN dNSName: search-whois.centralnic.com
   SAN dNSName: sni-ote.centralnic.com
   SAN dNSName: sni.centralnic.com
   SAN dNSName: whois-ote.centralnic.com
   SAN dNSName: whois.centralnic.com
   Signature Algorithm: SHA256-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2020-09-16 15:07:22 +0000 UTC
   Expiration: 2020-12-15 15:07:22 +0000 UTC
   KU: DigitalSignature KeyEncipherment
   EKU: ServerAuth ClientAuth
   Is CA?: false
   SKI: 8b4d646de20fd65f4f3dc499d7ce4121e8e336f1
   AKI: a84a6a63047dddbae6d139b7a64565eff3a8eca1
   OSCP Servers: [http://ocsp.int-x3.letsencrypt.org]
   CA Issuer URL: [http://cert.int-x3.letsencrypt.org/]
   CRL Distribution: []
   Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK

## Checking rdap.centralnic.com 2a04:2b00:119::c:110 port 443
DANE TLSA 2 1 1 [60b87575..]: OK matched TA certificate at depth 1
## Peer Certificate Chain:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
   2 CN=DST Root CA X3,O=Digital Signature Trust Co.
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
   TLS version: TLS1.2
   CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 3
   Serial#: 327b82280eaa809c135985e301f74055503
   Subject: CN=console.centralnic.com
   Issuer:  CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   SAN dNSName: console.centralnic.com
   SAN dNSName: manage.centralnic.com
   SAN dNSName: mls.centralnic.com
   SAN dNSName: ote-console.centralnic.com
   SAN dNSName: ote-registry-api.centralnic.com
   SAN dNSName: portal.centralnic.com
   SAN dNSName: portal.centralnicregistry.com
   SAN dNSName: portal.ote.centralnicregistry.com
   SAN dNSName: portal.prod.centralnic.com
   SAN dNSName: portal.prod.centralnicregistry.com
   SAN dNSName: rdap-ote.centralnic.com
   SAN dNSName: rdap.centralnic.com
   SAN dNSName: registrar-console.centralnic.com
   SAN dNSName: registrar-ftp.centralnic.com
   SAN dNSName: registry-api.centralnic.com
   SAN dNSName: search-whois-xmlrpc.centralnic.com
   SAN dNSName: search-whois.centralnic.com
   SAN dNSName: sni-ote.centralnic.com
   SAN dNSName: sni.centralnic.com
   SAN dNSName: whois-ote.centralnic.com
   SAN dNSName: whois.centralnic.com
   Signature Algorithm: SHA256-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2020-09-16 15:07:22 +0000 UTC
   Expiration: 2020-12-15 15:07:22 +0000 UTC
   KU: DigitalSignature KeyEncipherment
   EKU: ServerAuth ClientAuth
   Is CA?: false
   SKI: 8b4d646de20fd65f4f3dc499d7ce4121e8e336f1
   AKI: a84a6a63047dddbae6d139b7a64565eff3a8eca1
   OSCP Servers: [http://ocsp.int-x3.letsencrypt.org]
   CA Issuer URL: [http://cert.int-x3.letsencrypt.org/]
   CRL Distribution: []
   Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK

## Checking rdap.centralnic.com 119.252.181.110 port 443
DANE TLSA 2 1 1 [60b87575..]: OK matched TA certificate at depth 1
## Peer Certificate Chain:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
   2 CN=DST Root CA X3,O=Digital Signature Trust Co.
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
   TLS version: TLS1.2
   CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 3
   Serial#: 327b82280eaa809c135985e301f74055503
   Subject: CN=console.centralnic.com
   Issuer:  CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   SAN dNSName: console.centralnic.com
   SAN dNSName: manage.centralnic.com
   SAN dNSName: mls.centralnic.com
   SAN dNSName: ote-console.centralnic.com
   SAN dNSName: ote-registry-api.centralnic.com
   SAN dNSName: portal.centralnic.com
   SAN dNSName: portal.centralnicregistry.com
   SAN dNSName: portal.ote.centralnicregistry.com
   SAN dNSName: portal.prod.centralnic.com
   SAN dNSName: portal.prod.centralnicregistry.com
   SAN dNSName: rdap-ote.centralnic.com
   SAN dNSName: rdap.centralnic.com
   SAN dNSName: registrar-console.centralnic.com
   SAN dNSName: registrar-ftp.centralnic.com
   SAN dNSName: registry-api.centralnic.com
   SAN dNSName: search-whois-xmlrpc.centralnic.com
   SAN dNSName: search-whois.centralnic.com
   SAN dNSName: sni-ote.centralnic.com
   SAN dNSName: sni.centralnic.com
   SAN dNSName: whois-ote.centralnic.com
   SAN dNSName: whois.centralnic.com
   Signature Algorithm: SHA256-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2020-09-16 15:07:22 +0000 UTC
   Expiration: 2020-12-15 15:07:22 +0000 UTC
   KU: KeyEncipherment DigitalSignature
   EKU: ServerAuth ClientAuth
   Is CA?: false
   SKI: 8b4d646de20fd65f4f3dc499d7ce4121e8e336f1
   AKI: a84a6a63047dddbae6d139b7a64565eff3a8eca1
   OSCP Servers: [http://ocsp.int-x3.letsencrypt.org]
   CA Issuer URL: [http://cert.int-x3.letsencrypt.org/]
   CRL Distribution: []
   Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK

## Checking rdap.centralnic.com 119.252.181.10 port 443
DANE TLSA 2 1 1 [60b87575..]: OK matched TA certificate at depth 1
## Peer Certificate Chain:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## Verified Certificate Chain 0:
   0 CN=console.centralnic.com
     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   1 CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
     CN=DST Root CA X3,O=Digital Signature Trust Co.
   2 CN=DST Root CA X3,O=Digital Signature Trust Co.
     CN=DST Root CA X3,O=Digital Signature Trust Co.
## TLS Connection Info:
   TLS version: TLS1.2
   CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 3
   Serial#: 327b82280eaa809c135985e301f74055503
   Subject: CN=console.centralnic.com
   Issuer:  CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
   SAN dNSName: console.centralnic.com
   SAN dNSName: manage.centralnic.com
   SAN dNSName: mls.centralnic.com
   SAN dNSName: ote-console.centralnic.com
   SAN dNSName: ote-registry-api.centralnic.com
   SAN dNSName: portal.centralnic.com
   SAN dNSName: portal.centralnicregistry.com
   SAN dNSName: portal.ote.centralnicregistry.com
   SAN dNSName: portal.prod.centralnic.com
   SAN dNSName: portal.prod.centralnicregistry.com
   SAN dNSName: rdap-ote.centralnic.com
   SAN dNSName: rdap.centralnic.com
   SAN dNSName: registrar-console.centralnic.com
   SAN dNSName: registrar-ftp.centralnic.com
   SAN dNSName: registry-api.centralnic.com
   SAN dNSName: search-whois-xmlrpc.centralnic.com
   SAN dNSName: search-whois.centralnic.com
   SAN dNSName: sni-ote.centralnic.com
   SAN dNSName: sni.centralnic.com
   SAN dNSName: whois-ote.centralnic.com
   SAN dNSName: whois.centralnic.com
   Signature Algorithm: SHA256-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2020-09-16 15:07:22 +0000 UTC
   Expiration: 2020-12-15 15:07:22 +0000 UTC
   KU: DigitalSignature KeyEncipherment
   EKU: ServerAuth ClientAuth
   Is CA?: false
   SKI: 8b4d646de20fd65f4f3dc499d7ce4121e8e336f1
   AKI: a84a6a63047dddbae6d139b7a64565eff3a8eca1
   OSCP Servers: [http://ocsp.int-x3.letsencrypt.org]
   CA Issuer URL: [http://cert.int-x3.letsencrypt.org/]
   CRL Distribution: []
   Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1]
Result: DANE OK

[0] Authentication succeeded for all (4) peers.




Check another DANE service?


Other DANE Tools


References