TLSA Test
This is a simple test page for DANE.
The associated TLSA RR, _443._tcp.jhcloos.com IN TLSA, is:
- TLSA RFC 6698
- Usage 1 (serice certificate constraint)
- Subject PublicKey Info Selector
- Sha2-256 Match
- The hash itself is:
- 597cc279_d90f0fb9 50b54092_1c4a7691 6590a2b7_deddddbc 353c6533_7160e1a8
A number of other services use a wildcard cert for *.jhcloos.com with:
- TLSA
- Usage 3 (end-entity certificate constraint)
- Subject PublicKey Info Selector
- Sha2-256 Match
- Hash:
- bce2a826_bcc5618b 65f71959_140a47fd 9025ef91_dabc6751 86fa0c48_faa3a4bb
My OpenPGP Keyserver, keys.jhcloos.com, has the TLSA RR _443._tcp.keys.jhcloos.com IN TLSA, which is:
- TLSA
- Usage 1 (serice certificate constraint)
- Subject PublicKey Info Selector
- Sha2-256 Match
- The hash itself is:
- 679962d0_ae83a6dd 687def1c_b0ac011f a3128fcb_7fe48d04 00a470fe_c8e8c40a
Each of the 1/1/1 TLSA have a matching 3/1/1, for the benefit of any clients which prefer to avoid x509.