I presume he connected to your SSL protected website directly - using openssl.... (almost a replacement for "telnet xn----ymcadjpj1at5o.xn--wgbh1c 443")
# openssl s_client -connect xn----ymcadjpj1at5o.xn--wgbh1c:443
Then - echo the server certificate part.... through the commands I gave earlier....
echo "-----BEGIN CERTIFICATE-----
MIIDXzCCAkegAwIBAgIEC51NfTANBgkqhkiG9w0BAQsFADBgMQkwBwYDVQQGEwAx
[bit in the middle deleted due to 40K limit of message size]
BXBpup6UrH+A4ikdAV+H2HKUwtLOtywjxcpKEPAOmAaGsnt0JwlTNJyyupEO6dCf 3xnY -----END CERTIFICATE----- " | openssl x509 -outform DER | openssl sha256
(stdin)= ad562370d03dfbe4edfc4780a2367c8fd086d8a00d53a80d8ec6a8909d50da9a
or equally do this all in one step - but I think this may actually "hide" too much of the logic of what happens...
# openssl s_client -connect xn----ymcadjpj1at5o.xn--wgbh1c:443 | openssl x509 -outform DER | openssl sha256
:-)
On Tue, 2015-07-14 at 10:05 +0000, Abdelmeniem Tharwat wrote:
Dear Mark , Thanks for your response , actually I am asked about how Viktor generate the TLSA record "The Correct" ? as my problem was in the record Generated by openssl command which is like what you sent to me "Same TLSA record". It is working now , but may Viktor have a time to send me how he generated the TLSA record ? Thanks