26.8.2020
DNS Certification Authority Authorization
Since Let’s Encrypt and the ACME protocol it is much easier to obtain a certificate without any human intervention. This allows anyone with control over the endpoint to issue certificates (https://letsencrypt.org/how-it-works/).
DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name.
$ dig +short CAA newcubator.com
0 issue "amazon.com"
- https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
- https://tools.ietf.org/html/rfc8659
- https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html
- https://security.stackexchange.com/questions/180903/why-dont-browsers-check-caa-records-to-help-ensure-a-certificate-is-valid
- https://crt.sh/?q=%25.newcubator.com
Standort Hannover
newcubator GmbH
Bödekerstraße 22
30161 Hannover
Standort Dortmund
newcubator GmbH
Westenhellweg 85-89
44137 Dortmund