[Solved] DNSSEC and Non-Let’s Encrypt Certificate


#1

When using another TLS (SSL) Certificate (not Let’s Encrypt) on MIAB, is it still possible to use DNSSEC? Will the entry that needs to be sent to the DN registrar change (Admin Panel - System - Status Check - Key Tag Key Flags etc.) or does this always have to stay the same, regardless of the certificate deployed?


#2

DNSSEC and TLS are two very different things that are mostly unrelated. DNSSEC proofs that your DNS server is the real deal and that client can verify the responses. (should prevent dns spoofing, but it’s not widely used)

TLS encrypts the transport layer of HTTP/SMTP/IMAP for the box.


#3

@michaelkroes Thank you. So just that I get things right; it does not matter what TLS certificates are in use as they will not affect DNSSEC. The string provided to the DN registrar (out from the Admin Panel) is not connected to the TLS certificates from Let’s Encrypt and thus the certificates can be changed without worries?


#4

Yes.


Minimum post size required