DANE Test Sites

The following sites support the DANE protocol by publishing TLSA records. If you are developing software that supports the DANE protocol, you can visit these sites to test your DANE support.  Note that we use the term “TLS certificate” here for what is commonly referred to as a “SSL certificate”.

Test sites updated on 30 October 2017.  Thanks to Stephane Bortzmeyer for his testing.

Sites that provide tests for DANE records

• DANE Validator by SIDN Labs
• DANE SMTP Validator

HTTP – Valid TLSA Record With Valid CA-signed TLS Certificate

• https://fedoraproject.org
• https://www.freebsd.org/
• https://torproject.org
• https://jhcloos.com/
• https://dns.bortzmeyer.org/
• https://www.afnic.fr/
• https://www.netfuture.ch/
• https://www.kumari.net/ – Note: the TLS certificate is for “*.kumari.net”, allowing you to test the use of wildcards.
• https://www.huque.com/
• https://www.bortzmeyer.org/ – Note: the CA is CAcert, a free CA that is not commonly configured in web browsers.

SMTP

The following sites support using DANE for email by publishing TLSA records associated with MX records:

• ietf.org
• openssl.org
• jhcloos.com
• nlnetlabs.nl (for ports 25, 465, 587)
• nlnet.nl (for ports 25, 465, 587)
• spodhuis.org
• denic.de

XMPP / Jabber

The following sites support using DANE for TLS connections to their XMPP/Jabber server:

• jabber.nlnetlabs.nl
• List of public XMPP servers supporting DANE records