Hello,
after nearly a year I was now able to setup a testing domain which
supports DANE with a German domain provider. Now I'm in the testing stage
to see if I did everything right.
DNSSEC-validation is fine:
http://dnssec-debugger.verisignlabs.com/cryptedmail.eu
DANE/TLSA existence is fine:
https://www.tlsa.info/detail/mail.cryptedmail.eu
Verification is ?
https://www.had-pilot.com/dane/danelaw.html
- TLSLite Client says all is fine
- GnuTLS and OpenSSL both give an unspecified error (could this be due to
missing SNI support?).
Last test is only testing the 443 port and not 25 and the other mail ports.
Is there any service, which verifies validity of TLSA records for the mail
ports and gives more specific output in case of errors?
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
