Questions tagged [dane]
The DNS-Based Authentication of Named Entities (DANE)
7 questions
Score of 4
2 answers
674 views
TLSA/DANE via Let’s Encrypt wildcard certificate in Plesk on domain with external DNS
Disclaimer: I am not a professional server admin, but I’m all we have at the company where I work. Please gear answers to novice level.
I manage a domain with multiple subdomains. The DNS for the ...
Score of 1
2 answers
207 views
Cannot get Exim to verify DANE for remote smtp
I am trying to configure Exim to try DANE before deciding to deliver unencrypted mail to remote hosts.
My general Exim configuration has: dns_dnssec_ok = 1.
For the dnslookup router: ...
Score of 3
2 answers
1313 views
Why does my RSA DANE TLSA work, but my ECDSA DANE TLSA fail?
I've purchased two single domain, wildcard SSL certificates from Namecheap/Sectigo/Comodo. I generated my CSRs in the typical fashion using openssl.
$ openssl req -newkey rsa:4096 -keyout example.com....
Score of 3
0 answers
2363 views
Is it possible to use MTA-STS in Postfix without overriding DANE?
The SMTP MTA Strict Transport Security RFC 8461, 2 clearly states that:
However, MTA-STS is designed not to interfere with DANE deployments
when the two overlap; in particular, senders who implement ...
Score of 2
1 answer
2348 views
DANE and TSLA in Cloudflare
can anyone tell me how to set up DANE and TSLA in Cloudflare?
Do we need Google Cloud DNS for TLSA records?
which mail server will allow using TLSA at this point?
ref link for DANE
Score of 0
1 answer
718 views
Does DANE allow for trustable self-signed certificates?
DANE has 4 modes of operation indexed 0-3 with mode 3 i.e. Domain issued certificate allowing for self-signed certificates. Can this mode be used in a trustable manner? and if so does that mean that ...
Score of 2
1 answer
327 views
How do I generate an SSHFP record for a Mikrotik router?
I want to generate an SSHFP record for my Mikrotik CCR2004 running RouterOS 6.47.4, without getting the key over the network. How can I do this from the console?