pmeerw's blog

Jul 2017

Mon, 03 Jul 2017

DNS CAA

DNS CAA allows the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.

Let's Encrypt supports it, as do recent versions of the BIND DNS server. https://sslmate.com/labs/caa/ helps to get the DNS record right. SSL Labs already checks for the CAA record.

Put this in your BIND zone file:

@	CAA	0 issue "letsencrypt.org"
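
How a CA is expected to read such a record set, as an added example that is not part of the original post: it parses zone-file CAA lines and decides whether a given CA may issue, following the RFC 8659 rules for `issue`, `issuewild` and the critical flag. The function names and the second sample zone are constructed for illustration, and the records passed in are assumed to already be the relevant record set for the name (no walking up the DNS tree).

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # property tags this checker understands

def parse_caa(zone_lines):
    """Turn lines like '@ CAA 0 issue "letsencrypt.org"' into (flags, tag, value)."""
    records = []
    for line in zone_lines:
        fields = shlex.split(line)        # honours the quoted value
        if "CAA" not in fields:
            continue                      # not a CAA record
        i = fields.index("CAA")           # skips owner and optional TTL/class
        flags, tag, value = fields[i + 1:i + 4]
        records.append((int(flags), tag.lower(), value))
    return records

def may_issue(records, ca_domain, wildcard=False):
    """True if a CA identified by ca_domain may issue under this CAA record set."""
    # A critical (flag 128) property the CA does not understand blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # issuewild only matters for wildcard requests, where it overrides issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True                       # nothing restricts issuance (e.g. iodef only)
    # The value is "issuer-domain; parameters"; an empty issuer (";") allows nobody.
    issuers = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in issuers

# The record from the post.
POST_ZONE = ['@\tCAA\t0 issue "letsencrypt.org"']
# Constructed sample: same CA for normal names, no wildcard certificates at all.
CONSTRUCTED_ZONE = [
    '@ CAA 0 issue "letsencrypt.org"',
    '@ CAA 0 issuewild ";"',
    '@ CAA 0 iodef "mailto:hostmaster@example.com"',
]

if __name__ == "__main__":
    for zone in (POST_ZONE, CONSTRUCTED_ZONE):
        recs = parse_caa(zone)
        print(recs, may_issue(recs, "letsencrypt.org"),
              may_issue(recs, "letsencrypt.org", wildcard=True))
```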

posted at: 22:09