DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC).
Questions tagged [dane]
7 questions
6 votes, 1 answer
How to use DANE with Java?
How can I write an X509TrustManager in Java that uses DANE (DNS-based Authentication of Named Entities)?
Are there any samples or a library? Or does Java have built-in support for DANE?
Horcrux7
3 votes, 0 answers
What is the correct TLSA record for the QUIC protocol?
As QUIC is based on UDP, is the following entry correct?
_443._udp.example.com. 300 IN TLSA 1 0 1 HASH...
David Sardari
2 votes, 0 answers
dane (TLSA) validation java
I need to validate the DANE certificate from random websites.
I have tried https://www.bouncycastle.org/java.html (The Bouncy Castle Crypto APIs for Java) and there is an example that goes near to what I need:…
user1579879
1 vote, 2 answers
How to list all DNS records including DANE TLSA
I would like to list all/any DNS records including the DANE TLSA.
With
dig mailbox.org ANY
I get all records including DNSSEC etc. but nothing about DANE. Why?
With
dig _443._tcp.mailbox.org. ANY
I get the DANE TLSA records.
I've read the…
FelixF
0 votes, 0 answers
What's the proper way to validate a (possible) self-signed cert with DANE?
In a nutshell, DANE means: check the SSL certificate fingerprint against a DNS record.
What I'd like to do is, in an HTTPS request:
Check the regular SSL cert; if OK, done!
If it's a self-signed cert (or failed to validate for any other reason)…
Falci
0 votes, 0 answers
How to interpret SSLPolicyErrors for validating HTTPS requests with DANE
I'm currently working on a project where I need to validate HTTPS requests based on known TLSA records.
The steps are:
I perform a DNS lookup and obtain all TLSA records of the domain
I perform the Https request and use the…
der Bomber
0 votes, 1 answer
How to add a TLSA RR in a Windows Server 2016 DNS zone
I am going to implement the DANE protocol on Windows Server 2016. I configured DNS and Active Directory. Now I want to generate a self-signed certificate for my domain and generate a TLSA record, and I want to add the TLSA record in DNS.
Milind Sutar