DANE TLS Test Sites
A few DANE TLS test sites.
-
https://good.dane.huque.com/
-
TLSA record name: _443._tcp.good.dane.huque.com.
There is a valid signed TLSA record (DANE-EE) matching the server
certificate at this site.
-
https://badhash.dane.huque.com/
-
TLSA record name: _443._tcp.badhash.dane.huque.com.
The signed TLSA record (DANE-EE) contains a hash value that doesn't match
the server certificate.
-
https://badparam.dane.huque.com/
-
TLSA record name: _443._tcp.badparam.dane.huque.com.
The signed TLSA record contains invalid (unusable) TLSA parameters.
-
https://badsig.busted.huque.com/
-
TLSA record name: _443._tcp.badsig.busted.huque.com.
The TLSA record has an incorrect DNSSEC signature.
-
https://expiredsig.busted.huque.com/
-
TLSA record name: _443._tcp.expiredsig.busted.huque.com.
The TLSA record has an expired DNSSEC signature.
-
https://good-pkixta.dane.huque.com/
-
TLSA record name: _443._tcp.good-pkixta.dane.huque.com.
The TLSA record (PKIX-TA) has a hash value that correctly matches
the PKIX root CA issuer in the server certificate chain.
-
https://bad-pkixta.dane.huque.com/
-
TLSA record name: _443._tcp.bad-pkixta.dane.huque.com.
The TLSA record (PKIX-TA) has a hash value that doesn't match any
certificate issuer in the PKIX chain corresponding to the server
certificate.
Other DANE Tools
References