Hi,
Since one week or so, I have a TLSA validation error for stat.ripe.net
on TCP/443 at each time I visit https://atlas.ripe.net/ and I have the
same result from the RIPE nlnog node:
alarig@airmure ~ % echo '' | openssl s_client -connect atlas.ripe.net:443
2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 |
sed 's/://g' | cut -d '=' -f 2
8248E13AB5CA3BACAC63F15B831DA32F2CD54973EDF74E69B6A614B7295C02B4
alarig@airmure ~ % dig +short -t TLSA _443._tcp.atlas.ripe.net | awk '{ print
$4 $5 }'
8248E13AB5CA3BACAC63F15B831DA32F2CD54973EDF74E69B6A614B7295C02B4
alarig@airmure ~ % echo '' | openssl s_client -connect stat.ripe.net:443
2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 |
sed 's/://g' | cut -d '=' -f 2
2A2B939449E847374121D4846E3117F23A0283C7B2818ED96C91D2808ABE4C0E
alarig@airmure ~ % dig +short -t TLSA _443._tcp.stat.ripe.net | awk '{ print $4
$5 }'
E3DC43427AA9F62D1E07BBE108AF62BEE84A454DB579FD57A4FFDFFD5A23E576
grifon@ripe01:~$ echo '' | openssl s_client -connect stat.ripe.net:443
2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 |
sed 's/://g' | cut -d '=' -f 2
2A2B939449E847374121D4846E3117F23A0283C7B2818ED96C91D2808ABE4C0E
grifon@ripe01:~$ dig +short -t TLSA _443._tcp.stat.ripe.net | awk '{ print $4
$5 }'
E3DC43427AA9F62D1E07BBE108AF62BEE84A454DB579FD57A4FFDFFD5A23E576
The commands are ugly but work on atlas.ripe.net.
Could you please update it?
Regards,
--
Alarig Le Lay