Package: hash-slinger Version: 2.6-1 Severity: minor % tlsa --verify rdap.nic.alsace WARNING: Name on the certificate (Subject: /serialNumber=bzF6gBWp0uI4sLILv6rqnFaJXglK01CP/OU=GT64370990/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.nic.alsace, SubjectAltName: DNS:*.nic.alsace, DNS:nic.alsace) doesn't match requested hostname (rdap.nic.alsace). Caution: name on the cert does not match hostname SUCCESS (usage 3): The certificate offered by the server matches the TLSA record
IMHO, the WARNING is spurious: the cert has a wildcard and therefore the name *does* match. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 4.3.0-1-686-pae (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages hash-slinger depends on: ii ca-certificates 20160104 ii dns-root-data 2015052300+h+1 ii libpython2.7-stdlib [python-argparse] 2.7.11-3 ii openssh-client 1:7.1p2-2 ii python 2.7.11-1 ii python-dnspython 1.12.0-1 ii python-gnupg 0.3.8-2 ii python-ipaddr 2.1.11-2 ii python-m2crypto 0.22.6~rc4-1 ii python-unbound 1.5.7-1 hash-slinger recommends no packages. hash-slinger suggests no packages. -- no debconf information