OpenSSL for humans

Validation

Various tips for validating certificates

DANE


$ openssl s_client -starttls smtp \
-connect mail.protonmail.ch:25 \
-dane_tlsa_domain mail.protonmail.ch \
-dane_tlsa_rrdata "3 1 1 76BB66711DA416433CA890A5B2E5A0533C6006478F7D10A4469A947ACC8399E1"

If the verification is successful, you will see something like this in the output:

SSL handshake has read 5209 bytes and written 433 bytes
Verification: OK
Verified peername: *.protonmail.ch
DANE TLSA 3 1 1 ...8f7d10a4469a947acc8399e1 matched EE certificate at depth 0

If you’d like to test for validation failure, just break the supplied hash. The result will be similar to the following output:

SSL handshake has read 5209 bytes and written 433 bytes
Verification error: No matching DANE TLSA records
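The `3 1 1` prefix in the rrdata above selects DANE-EE usage, the SubjectPublicKeyInfo selector and SHA-256 matching (RFC 6698), so the hex string is the SHA-256 of the server's DER-encoded public key. The following is an added example, not part of the original article, that derives that value from a certificate file and checks it against a record offline. The function names and the throwaway `mail.example.test` certificate are assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: derive and check a "3 1 1" TLSA value (DANE-EE, SPKI, SHA-256).

# Print the SHA-256 of a certificate's DER-encoded SubjectPublicKeyInfo in
# upper-case hex: the data field of a "3 1 1" TLSA record.
tlsa_311() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -hex |
    awk '{ print toupper($NF) }'
}

# Succeed when the certificate in $1 matches the rrdata string in $2
# ("usage selector mtype hex"). Returns 2 for anything other than "3 1 1".
tlsa_matches() {
  local usage selector mtype want
  read -r usage selector mtype want <<EOF
$2
EOF
  [ "$usage $selector $mtype" = "3 1 1" ] || return 2
  # Hex case and embedded spaces are not significant in the record data.
  want=$(printf '%s' "$want" | tr -d ' ' | tr 'a-f' 'A-F')
  [ "$(tlsa_311 "$1")" = "$want" ]
}

# Constructed sample: throwaway key and self-signed certificate in dir $1.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=mail.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
  local dir hash
  dir=$(mktemp -d)
  make_sample "$dir"
  hash=$(tlsa_311 "$dir/cert.pem")
  # The record as it would be published for SMTP on port 25.
  echo "_25._tcp.mail.example.test. IN TLSA 3 1 1 $hash"
  tlsa_matches "$dir/cert.pem" "3 1 1 $hash" && echo "match"
  rm -rf "$dir"
}
demo
```

Because the selector is the public key rather than the full certificate, the value stays the same when the certificate is reissued with the same key and changes only on key rotation.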


