CAA Test Results

As promised, I’ve been testing Certification Authority Authorization (CAA) with some Certificate Authorities and here’s what I found so far:

Amazon Certificate Manager (ACM)

It does not appear they honor the IODEF since I didn’t receive an email.

Let’s Encrypt appears to also block issuance:

Let’s Encrypt (using lego)

2018/12/29 16:44:30 Could not obtain certificates acme: Error -> One or more domains had a problem:
[www.niem.es] acme: Error 403 - urn:ietf:params:acme:error:caa - Error finalizing order :: Rechecking CAA: While processing CAA for niem.es: CAA record for niem.es prevents issuance, While processing CAA for www.niem.es: CAA record for www.niem.es prevents issuance

Alas, no email received from them either.

If you own a domain, you should certainly configure CAA. It appears to work and is another preventive control against phishing.
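
The Let's Encrypt error above names both niem.es and www.niem.es because a CA looks for CAA records at the requested name and then climbs toward the root. The sketch below is an added example, not code from this post or from any CA, and shows that lookup and the issue/issuewild decision as RFC 8659 describes them. The zone data, CA names and function names are constructed for illustration, and CNAME handling is left out.

```python
# Constructed CAA RRsets for illustration (not any real domain's records).
# owner name -> list of (flags, tag, value)
ZONE = {
    "example.com": [
        (0, "issue", "ca.example.net"),
        (0, "issuewild", ";"),
        (0, "iodef", "mailto:security@example.com"),
    ],
    # A subdomain with its own RRset replaces the parent's policy entirely.
    "open.example.com": [(0, "iodef", "mailto:security@example.com")],
    "crit.example.com": [(128, "futuretag", "x"), (0, "issue", "ca.example.net")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(fqdn, zone=ZONE):
    """Climb from fqdn toward the root; the first non-empty CAA RRset wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def may_issue(ca_domain, fqdn, zone=ZONE):
    """Return (allowed, owner_of_rrset, iodef_urls) for the CA named ca_domain."""
    wildcard = fqdn.startswith("*.")
    owner, rrset = relevant_rrset(fqdn[2:] if wildcard else fqdn, zone)
    rrset = [(flags, tag.lower(), value) for flags, tag, value in rrset]
    iodef = [v for _, t, v in rrset if t == "iodef"]
    # Critical bit (128) on a tag the CA does not understand: must refuse.
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in rrset):
        return False, owner, iodef
    issue = [v for _, t, v in rrset if t == "issue"]
    wild = [v for _, t, v in rrset if t == "issuewild"]
    applicable = wild if (wildcard and wild) else issue
    if not applicable:
        return True, owner, iodef  # no issue/issuewild property: CAA imposes no limit
    # Issuer name is the part before any ";" parameters; empty means "nobody".
    issuers = {v.split(";", 1)[0].strip().lower() for v in applicable}
    return ca_domain.lower() in issuers, owner, iodef

if __name__ == "__main__":
    for ca, name in [("ca.example.net", "www.example.com"),
                     ("other-ca.example", "www.example.com"),
                     ("ca.example.net", "*.example.com"),
                     ("other-ca.example", "open.example.com")]:
        print(ca, name, may_issue(ca, name))
```

The `open.example.com` case is the one to check in your own zones: a subdomain that publishes any CAA RRset without an `issue` property stops the climb and leaves issuance unrestricted for that name.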
