On Tue, Jul 11, 2023 at 01:35:39PM +0200, Paul Menzel wrote:
> Validating the SMTP DANE setup of, it results in success but the details
> show two untrusted certificates:
>
> mx2.molgen.mpg.de (141.14.17.10) [1]:
>
> 3, 1, 2 7aad43a0fdff3445[...]49cd4a23db83374c - certificate not trusted:
> (27)
>
> molgen.mpg.de (a1241.mx.srv.dfn.de, 194.95.232.62)
>
> 3, 0, 1 c613b846076b5503[...]539e7ac79a3f13e9 - certificate not trusted:
> (27)
>
> It’d be great if you pointed me into the direction, how to get more
> details for these issues.
There is no issue, it is just a perhaps misleading indication of what
would happen if that particular TLSA record were the only one you
published. Since one of the TLSA records matches, you're all set.
--
Viktor.
