Author: Richard James Salts Date: To: exim-users Subject: Re: [exim] PLEASE NOTE: Upcoming changes in Let's Encrypt issuer
certificates
On Monday, 21 September 2020 6:39:35 PM AEST Jeremy Harris via Exim-users
wrote: > On 21/09/2020 09:34, Dan Egli via Exim-users wrote:
> > Forgive me for being a bit dense, but I'm new to the SSL world. I have
> > certificates by LetsEncrypt, generated about a month ago. Where and how
> > do I look to determine if I need new certificates. And what's with the
> > TLSA DNS entries? I've never heard of a TLSA record.
>
> TLSA records are part of DANE. If you're not using DANE, you
> don't need them. DANE is a means of publishing trust information in the DNS with DNSSEC
signatures as an alternative to the CAs acting as a trusted 3rd party. This
helps in email as many MX records are not able to be tied to a common name
and/or subject alternative name that would match the domain of the email
recipient that could be verified by the sender.
