Hi,

I am using DNSSEC/TLSA Validator version 2.2.0.1 on Firefox 34.0.5. I am checking the URL https://mijn.iaf.nl/. This site is signed with a CAcert certificate. The root certificate is loaded into the browser so it has no problem with the site.

I get a red padlock for this site. Examination of the TLSA record shows no problem. Checking the site with https://www.had-pilot.com/dane/danelaw.html shows the TLSA record is correct. I tried changing the configuration of the plug-in to use different nameservers but that doesn't give any other result.

Information from our nameserver:

    # host -t TLSA _443._tcp.mijn.iaf.nl
    _443._tcp.mijn.iaf.nl has TLSA record 3 0 1 58D8B8E4F119125B1705B0CB8EDB623C4AE355984758F9E1E2B4439E 2E300C6F

I don't know whether it makes a difference which certificate (root or site) is used in the TLSA record. I noticed you have a TLSA record with "0 1 1" whereas this site has "3 0 1". We also tested with "3 1 1", but that didn't result in a green padlock either.

Greetings,
Peter Peters
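The TLSA fields quoted in the message above, as an added example that is not part of the original message and not the validator plug-in's code: it parses a `host -t TLSA` answer line and compares it with a certificate according to the usage, selector and matching-type fields defined in RFC 6698. The function names and the constructed byte strings standing in for DER data are assumptions; the caller supplies the real DER certificate and its SubjectPublicKeyInfo.

```python
import hashlib
import hmac

# TLSA certificate usage values as defined in RFC 6698
USAGE = {0: "PKIX-TA (CA constraint)",
         1: "PKIX-EE (service certificate constraint)",
         2: "DANE-TA (trust anchor assertion)",
         3: "DANE-EE (domain-issued certificate)"}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching type -> hash


def parse_host_tlsa(line):
    """Parse one `host -t TLSA` answer line into (usage, selector, mtype, data)."""
    _, _, rdata = line.partition(" has TLSA record ")
    if not rdata:
        raise ValueError("not a TLSA answer line")
    fields = rdata.split()
    usage, selector, mtype = (int(f) for f in fields[:3])
    # host prints long hex in space-separated chunks; join them back together
    data = bytes.fromhex("".join(fields[3:]))
    if usage not in USAGE or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unknown TLSA parameter")
    if mtype in DIGESTS and len(data) != DIGESTS[mtype]().digest_size:
        raise ValueError("association data length does not fit matching type")
    return usage, selector, mtype, data


def tlsa_matches(record, cert_der, spki_der):
    """Compare a parsed record with one certificate.

    cert_der / spki_der: DER of the certificate and of its SubjectPublicKeyInfo.
    For usage 1 and 3 pass the server (end-entity) certificate; for usage 0
    and 2 pass the CA / trust-anchor certificate from the chain.
    """
    _, selector, mtype, data = record
    selected = cert_der if selector == 0 else spki_der  # selector 0 = full cert
    computed = selected if mtype == 0 else DIGESTS[mtype](selected).digest()
    return hmac.compare_digest(computed, data)


# Constructed stand-ins, not real DER: any byte strings exercise the logic.
SITE_CERT, SITE_SPKI = b"constructed site certificate", b"constructed site key"
ROOT_CERT, ROOT_SPKI = b"constructed root certificate", b"constructed root key"
# Constructed answer line for a hypothetical name, in the format host prints.
SAMPLE = ("_443._tcp.example.test has TLSA record 3 0 1 "
          + hashlib.sha256(SITE_CERT).hexdigest().upper())
```

With a "3 0 1" record the digest is taken over the whole site certificate, so the same record compared against the root certificate does not match.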
