Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure CAA records #2071

Open
gainsley opened this issue Mar 23, 2022 · 0 comments
Open

Ensure CAA records #2071

gainsley opened this issue Mar 23, 2022 · 0 comments

Comments

@gainsley
Copy link
Contributor

CAA records allow administrators to specify which certificate authorities (CAs) and optionally, which accounts with those authorities, are allowed to issue certificates in the relevant domain. All CA/Browser (i.e., publicly trusted) CAs check this record before issuing certificates in order to minimize the chance of an attacker obtaining a fraudulent certificate.

Ensure that domains have CAA records. Refer to documentation from the CA for the correct CAA record to be set. If there are multiple CAs, CAA records may be combined. Be aware that CAA records apply transitively to subdomains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant