Paul Menzel skrev den 2023-07-11 13:35:
Dear DANE users,
Validating the SMTP DANE setup of, it results in success but the details show two untrusted certificates:
mx2.molgen.mpg.de (141.14.17.10) [1]:
3, 1, 2 7aad43a0fdff3445[...]49cd4a23db83374c - certificate nottrusted: (27)
molgen.mpg.de (a1241.mx.srv.dfn.de, 194.95.232.62)
3, 0, 1 c613b846076b5503[...]539e7ac79a3f13e9 - certificate nottrusted: (27)
It’d be great if you pointed me into the direction, how to get more details for these issues.
# posttls-finger dane.sys4.de
...
posttls-finger: dane.sys4.de[194.126.158.134]:25: Matched DANE EE certificate at depth 0: 3 1 1 EB74FE41C51D2876A50F0FE95BA6441119A38597A177E1BA54D68ACB9A91EFA3 posttls-finger: dane.sys4.de[194.126.158.134]:25: subject_CN=dane.sys4.de, issuer_CN=R3, fingerprint=CB:66:26:6C:22:32:98:BB:8B:DA:4C:D3:53:7C:BF:45:A8:DE:D6:C2:76:4C:2C:E2:60:C4:5D:33:77:B6:C3:81, pkey_fingerprint=EB:74:FE:41:C5:1D:28:76:A5:0F:0F:E9:5B:A6:44:11:19:A3:85:97:A1:77:E1:BA:54:D6:8A:CB:9A:91:EF:A3 posttls-finger: Verified TLS connection established to dane.sys4.de[194.126.158.134]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
...
seems ok ?