TLSA Test

This is a simple test page for DANE.

The associated TLSA RR, _443._tcp.jhcloos.com IN TLSA, is:

• TLSA RFC 6698
• Usage 1 (serice certificate constraint)
• Subject PublicKey Info Selector
• Sha2-256 Match
• The hash itself is:
  • 597cc279_d90f0fb9 50b54092_1c4a7691 6590a2b7_deddddbc 353c6533_7160e1a8

A number of other services use a wildcard cert for *.jhcloos.com with:

• TLSA
• Usage 3 (end-entity certificate constraint)
• Subject PublicKey Info Selector
• Sha2-256 Match
• Hash:
  • bce2a826_bcc5618b 65f71959_140a47fd 9025ef91_dabc6751 86fa0c48_faa3a4bb

My OpenPGP Keyserver, keys.jhcloos.com, has the TLSA RR _443._tcp.keys.jhcloos.com IN TLSA, which is:

• TLSA
• Usage 1 (serice certificate constraint)
• Subject PublicKey Info Selector
• Sha2-256 Match
• The hash itself is:
  • 679962d0_ae83a6dd 687def1c_b0ac011f a3128fcb_7fe48d04 00a470fe_c8e8c40a

Each of the 1/1/1 TLSA have a matching 3/1/1, for the benefit of any clients which prefer to avoid x509.

· Copyright © 2004-2024 James Cloos ·