Mail-in-a-Box Forum

Non-existent "TLSA Records" (DANE) for naked domain name "domain.name"

box August 7, 2017, 12:55pm 1

I wonder if there is any chance to add certificate that would correspond to TLSA record for the naked domain name.

I am using https://www.dnssec-validator.cz/ ADD-ON in Firefox that would display if DNSSEC/TLSA are set properly.

But at the moment when I go to “box.domain.name/mail” DNSSEC and TLSA are set properly,
but when I go to “domain.name/mail” (which is easier) then I would get “Non-existent TLSA Record”.

It is shorter to type “domain.name/mail” rather than “box.domain.name/mail”

So would it be possible to create as well TLSA record for naked domain name “domain.name”?
Is it possible to create TLSA record for naked domain name “domain.name”?

Allow users to add (create as well) DNS TLSA RR record (for HTTPS) in Custom DNS section if not AUTOMATED

box October 6, 2017, 10:42am 2

I found this article
https://enter.thewhiterabbit.space/create-and-validate-tlsa-records-dane/
that explains how to generate DNS TLSA records (DANE)

but when looking at the certificate /home/user-data/ssl/domain.name-20180101-87ca421.pem
there is two in that file, which cert is it, the top one or bottom?

system Closed October 7, 2017, 12:55pm 3

This topic was automatically closed after 61 days. New replies are no longer allowed.