Configuring acceptable CAs with TLSA records (usage modes 0 and 2) is not supported with this script, and the script returns the (slightly inaccurate) message saying "Certificate doesn't match TLSA record".
I don't know how to get the full certificate chain from the server response, otherwise I would work on adding this support.
Thanks for the excellent script!
Configuring acceptable CAs with TLSA records (usage modes 0 and 2) is not supported with this script, and the script returns the (slightly inaccurate) message saying "Certificate doesn't match TLSA record". I don't know how to get the full certificate chain from the server response, otherwise I would work on adding this support. Thanks for the excellent script!