OpenSSL for humans
Validation
Various tips to validate certificate
DANE
This theme implements a built-in Jekyll feature, the use of Rouge, for syntax highlighting. It supports more than 100 languages. This example is in C++. All you have to do is wrap your code in markdown code tags:
$ openssl s_client -starttls smtp \
-connect mail.protonmail.ch:25 \
-dane_tlsa_domain mail.protonmail.ch \
-dane_tlsa_rrdata "3 1 1 76BB66711DA416433CA890A5B2E5A0533C6006478F7D10A4469A947ACC8399E1"
If the verification is successful, you will see something like this in the output:
SSL handshake has read 5209 bytes and written 433 bytes Verification: OK Verified peername: *.protonmail.ch DANE TLSA 3 1 1 ...8f7d10a4469a947acc8399e1 matched EE certificate at depth 0
If you’d like to test for validation failure, just break the supplied hash. The result will be similar to the following output:
SSL handshake has read 5209 bytes and written 433 bytes Verification error: No matching DANE TLSA records
Enjoy Reading This Article?
Here are some more articles you might like to read next: