I presume he connected to your SSL protected website directly - using openssl.... (almost a replacement for "telnet xn----ymcadjpj1at5o.xn--wgbh1c 443")
# openssl s_client -connect xn----ymcadjpj1at5o.xn--wgbh1c:443 Then - echo the server certificate part.... through the commands I gave earlier.... echo "-----BEGIN CERTIFICATE----- > MIIDXzCCAkegAwIBAgIEC51NfTANBgkqhkiG9w0BAQsFADBgMQkwBwYDVQQGEwAx [bit in the middle deleted due to 40K limit of message size] > BXBpup6UrH+A4ikdAV+H2HKUwtLOtywjxcpKEPAOmAaGsnt0JwlTNJyyupEO6dCf > 3xnY > -----END CERTIFICATE----- > " | openssl x509 -outform DER | openssl sha256 (stdin)= ad562370d03dfbe4edfc4780a2367c8fd086d8a00d53a80d8ec6a8909d50da9a or equally do this all in one step - but I think this may actually "hide" too much of the logic of what happens... # openssl s_client -connect xn----ymcadjpj1at5o.xn--wgbh1c:443 | openssl x509 -outform DER | openssl sha256 :-) On Tue, 2015-07-14 at 10:05 +0000, Abdelmeniem Tharwat wrote: > Dear Mark , > Thanks for your response , actually I am asked about how Viktor > generate the TLSA record "The Correct" ? as my problem was in the record > Generated by openssl command which is like what you sent to me "Same TLSA > record". > It is working now , but may Viktor have a time to send me how he generated > the TLSA record ? > Thanks -- Mark James ELKINS - Posix Systems - (South) Africa [email protected] Tel: +27.128070590 Cell: +27.826010496 For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
