CAA Support

rpvw

• April 26, 2017 04:25

It is suggested that CAA support will be a mandatory standard in certificate issuance as from September 2017. This means that Certificate issuing authorities will be obliged to check for the presence of a correctly formatted CAA record ( RFC 6844 - DNS Certification Authority Authorization (CAA) Resource Record ) for the domain that you are applying for, and non compliance may delay or exclude you from receiving your certificate. Perhaps cPanel developers could give us some reassurance that they have this in the works, as an addition to the Zone Editor, for a release prior to September ? An excellent resource regarding this is available from the Internet Storm Center

• 

  Infopro

  • April 26, 2017 09:31

  Have you seen this Feature Request? Add support for CAA DNS records (type 257)

  0
• 

  rpvw

  • April 26, 2017 09:56

  @Infopro Thanks for that Feature Request link - I have to admit I hadn't seen it, but the fact that it is still under discussion, and not even marked as planned nor in progress is worrying given the short time left (but perhaps the code inclusion is trivial and we don't need to worry about it :) )

  0
• 

  Infopro

  • April 26, 2017 10:16

  WE need to vote it up! :)

  0
• 

  rpvw

  • April 26, 2017 10:28

  I'm pretty sure once it becomes mandatory, and everyone that doesn't conform to CAA DNS entries suddenly stops getting their SSL certificates issued, will concentrate the mind wonderfully :-D

  0

Please sign in to leave a comment.