27 Aug
2024
27 Aug
'24
7:47 a.m.
On Tue, Aug 27, 2024 at 03:18:42PM +1000, Viktor Dukhovni wrote:
Checks are also possible via:
* https://www.huque.com/bin/danecheck Not a domain check, you have to explicitly check a particular MX host, and specify port 25. Don't forget to choose the "SMTP" radio button under "STARTTLS Application"
I neglected to find and post Shumon's SMTP-specific test site, that does check all the MX hosts of a domain:
https://www.huque.com/bin/danecheck-smtp
FWIW, as with many other sites, this does not probe multi-certificate deployments, where often multiple connections are required with different offers of client supported TLS algorithms in order to test both RSA and ECDSA (or some day also Ed25519 if/when that becomes popular in EE certificates).
Automated regular tests should perform local validation, the test sites are for occasional ad hoc sanity checks.
--
Viktor.