This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.
Port: 443
Domain name: rdap.centralnic.com
Checking Transcript:
Host: rdap.centralnic.com Port: 443 SNI: rdap.centralnic.com DNS TLSA RRset: qname: _443._tcp.rdap.centralnic.com. 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03 0 1 1 f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5 0 1 1 2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92 0 1 1 36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270 0 1 1 7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18 0 1 1 fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10 IP Addresses found: 2a04:2b00:119::c:110 2a04:2b00:119::c:10 119.252.181.110 119.252.181.10 ## Checking rdap.centralnic.com 2a04:2b00:119::c:110 port 443 DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [2b071c59..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1 DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [fbe30180..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate ## Peer Certificate Chain: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## PKIX Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## TLS Connection Info: TLS version: TLS1.2 CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ## End-Entity Certificate Info: X509 version: 3 Serial#: 32b0084ec0c95bcb35bb9b9a891801dd19e Subject: CN=console.centralnic.com Issuer: CN=R3,O=Let's Encrypt,C=US SAN dNSName: console.centralnic.com SAN dNSName: manage.centralnic.com SAN dNSName: mls.centralnic.com SAN dNSName: ote-console.centralnic.com SAN dNSName: ote-registry-api.centralnic.com SAN dNSName: portal.centralnic.com SAN dNSName: portal.centralnicregistry.com SAN dNSName: portal.ote.centralnicregistry.com SAN dNSName: portal.prod.centralnic.com SAN dNSName: portal.prod.centralnicregistry.com SAN dNSName: rdap-ote.centralnic.com SAN dNSName: rdap.centralnic.com SAN dNSName: registrar-console.centralnic.com SAN dNSName: registrar-ftp.centralnic.com SAN dNSName: registry-api.centralnic.com SAN dNSName: search-whois-xmlrpc.centralnic.com SAN dNSName: search-whois.centralnic.com SAN dNSName: sni.centralnic.com SAN dNSName: whois-ote.centralnic.com SAN dNSName: whois.centralnic.com Signature Algorithm: SHA256-RSA PublicKey Algorithm: RSA 2048-Bits Inception: 2022-06-11 15:07:33 +0000 UTC Expiration: 2022-09-09 15:07:32 +0000 UTC KU: KeyEncipherment DigitalSignature EKU: ServerAuth ClientAuth Is CA?: false SKI: f8cff41b58598565fb923ce40f66643c36bfa381 AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6 OSCP Servers: [http://r3.o.lencr.org] CA Issuer URL: [http://r3.i.lencr.org/] CRL Distribution: [] Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1] Result: DANE OK ## Checking rdap.centralnic.com 2a04:2b00:119::c:10 port 443 DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [2b071c59..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1 DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [fbe30180..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate ## Peer Certificate Chain: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## PKIX Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## TLS Connection Info: TLS version: TLS1.2 CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ## End-Entity Certificate Info: X509 version: 3 Serial#: 32b0084ec0c95bcb35bb9b9a891801dd19e Subject: CN=console.centralnic.com Issuer: CN=R3,O=Let's Encrypt,C=US SAN dNSName: console.centralnic.com SAN dNSName: manage.centralnic.com SAN dNSName: mls.centralnic.com SAN dNSName: ote-console.centralnic.com SAN dNSName: ote-registry-api.centralnic.com SAN dNSName: portal.centralnic.com SAN dNSName: portal.centralnicregistry.com SAN dNSName: portal.ote.centralnicregistry.com SAN dNSName: portal.prod.centralnic.com SAN dNSName: portal.prod.centralnicregistry.com SAN dNSName: rdap-ote.centralnic.com SAN dNSName: rdap.centralnic.com SAN dNSName: registrar-console.centralnic.com SAN dNSName: registrar-ftp.centralnic.com SAN dNSName: registry-api.centralnic.com SAN dNSName: search-whois-xmlrpc.centralnic.com SAN dNSName: search-whois.centralnic.com SAN dNSName: sni.centralnic.com SAN dNSName: whois-ote.centralnic.com SAN dNSName: whois.centralnic.com Signature Algorithm: SHA256-RSA PublicKey Algorithm: RSA 2048-Bits Inception: 2022-06-11 15:07:33 +0000 UTC Expiration: 2022-09-09 15:07:32 +0000 UTC KU: KeyEncipherment DigitalSignature EKU: ServerAuth ClientAuth Is CA?: false SKI: f8cff41b58598565fb923ce40f66643c36bfa381 AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6 OSCP Servers: [http://r3.o.lencr.org] CA Issuer URL: [http://r3.i.lencr.org/] CRL Distribution: [] Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1] Result: DANE OK ## Checking rdap.centralnic.com 119.252.181.110 port 443 DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [2b071c59..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1 DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [fbe30180..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate ## Peer Certificate Chain: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## PKIX Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## TLS Connection Info: TLS version: TLS1.2 CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ## End-Entity Certificate Info: X509 version: 3 Serial#: 32b0084ec0c95bcb35bb9b9a891801dd19e Subject: CN=console.centralnic.com Issuer: CN=R3,O=Let's Encrypt,C=US SAN dNSName: console.centralnic.com SAN dNSName: manage.centralnic.com SAN dNSName: mls.centralnic.com SAN dNSName: ote-console.centralnic.com SAN dNSName: ote-registry-api.centralnic.com SAN dNSName: portal.centralnic.com SAN dNSName: portal.centralnicregistry.com SAN dNSName: portal.ote.centralnicregistry.com SAN dNSName: portal.prod.centralnic.com SAN dNSName: portal.prod.centralnicregistry.com SAN dNSName: rdap-ote.centralnic.com SAN dNSName: rdap.centralnic.com SAN dNSName: registrar-console.centralnic.com SAN dNSName: registrar-ftp.centralnic.com SAN dNSName: registry-api.centralnic.com SAN dNSName: search-whois-xmlrpc.centralnic.com SAN dNSName: search-whois.centralnic.com SAN dNSName: sni.centralnic.com SAN dNSName: whois-ote.centralnic.com SAN dNSName: whois.centralnic.com Signature Algorithm: SHA256-RSA PublicKey Algorithm: RSA 2048-Bits Inception: 2022-06-11 15:07:33 +0000 UTC Expiration: 2022-09-09 15:07:32 +0000 UTC KU: DigitalSignature KeyEncipherment EKU: ServerAuth ClientAuth Is CA?: false SKI: f8cff41b58598565fb923ce40f66643c36bfa381 AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6 OSCP Servers: [http://r3.o.lencr.org] CA Issuer URL: [http://r3.i.lencr.org/] CRL Distribution: [] Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1] Result: DANE OK ## Checking rdap.centralnic.com 119.252.181.10 port 443 DANE TLSA 2 1 1 [e5545e21..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [f7ecded5..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [2b071c59..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [36abc326..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [bd936e72..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [7f4296fc..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [8d02536c..]: OK matched TA certificate at depth 1 DANE TLSA 2 1 1 [60b87575..]: FAIL did not match any TA certificate DANE TLSA 0 1 1 [fbe30180..]: FAIL did not match any TA certificate DANE TLSA 2 1 1 [276fe8a8..]: FAIL did not match any TA certificate ## Peer Certificate Chain: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## PKIX Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=console.centralnic.com CN=R3,O=Let's Encrypt,C=US 1 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=DST Root CA X3,O=Digital Signature Trust Co. ## TLS Connection Info: TLS version: TLS1.2 CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ## End-Entity Certificate Info: X509 version: 3 Serial#: 32b0084ec0c95bcb35bb9b9a891801dd19e Subject: CN=console.centralnic.com Issuer: CN=R3,O=Let's Encrypt,C=US SAN dNSName: console.centralnic.com SAN dNSName: manage.centralnic.com SAN dNSName: mls.centralnic.com SAN dNSName: ote-console.centralnic.com SAN dNSName: ote-registry-api.centralnic.com SAN dNSName: portal.centralnic.com SAN dNSName: portal.centralnicregistry.com SAN dNSName: portal.ote.centralnicregistry.com SAN dNSName: portal.prod.centralnic.com SAN dNSName: portal.prod.centralnicregistry.com SAN dNSName: rdap-ote.centralnic.com SAN dNSName: rdap.centralnic.com SAN dNSName: registrar-console.centralnic.com SAN dNSName: registrar-ftp.centralnic.com SAN dNSName: registry-api.centralnic.com SAN dNSName: search-whois-xmlrpc.centralnic.com SAN dNSName: search-whois.centralnic.com SAN dNSName: sni.centralnic.com SAN dNSName: whois-ote.centralnic.com SAN dNSName: whois.centralnic.com Signature Algorithm: SHA256-RSA PublicKey Algorithm: RSA 2048-Bits Inception: 2022-06-11 15:07:33 +0000 UTC Expiration: 2022-09-09 15:07:32 +0000 UTC KU: KeyEncipherment DigitalSignature EKU: ServerAuth ClientAuth Is CA?: false SKI: f8cff41b58598565fb923ce40f66643c36bfa381 AKI: 142eb317b75856cbae500940e61faf9d8b14c2c6 OSCP Servers: [http://r3.o.lencr.org] CA Issuer URL: [http://r3.i.lencr.org/] CRL Distribution: [] Policy OIDs: [2.23.140.1.2.1 1.3.6.1.4.1.44947.1.1.1] Result: DANE OK [0] Authentication succeeded for all (4) peers.