CAA checking becomes mandatory for SSL/TLS certificates

2017/04/10

This was news to me in a few ways; first, there’s a new DNS resource record called CAA (Certificate Authority Authorization) and second, Certificate Authorities are now required to check that record before issuing a certificate, to determine if they’re allowed to do so. Cool! What’s a CAA (Certificate Authority Authorization)? When in doubt, consult the RFC: […]

Source: CAA checking becomes mandatory for SSL/TLS certificates