Any client using SSL certificates to secure their domain is advised to configure CAA records to safeguard their security.
Reston, VA (PRWEB)
February 28, 2017
Tiggee subsidiary, Constellix, announces that Constellix DNS will now support CAA (Certificate Authority Authorization) records. This record type allows the domain name holder to specify one of or more CAs (Certificate Authorities) to issue certificates for that domain, according to RFC 6844.
“Any client using SSL certificates to secure their domain is advised to configure CAA records to safeguard their security,” says President of Constellix Steven Job. “In the past, HTTPS secured domains have been compromised due to certification misuse.” CAA records seek to solve this issue by declaring the domain owner’s preferred CA, eliminating the risk of false CAs from issuing fake certificates.
Websites that use HTTPS without CAA are putting themselves and their clients at risk. In the past, malicious parties were able to distribute malware, intercept secure traffic, and sell illegitimate certificates because websites weren’t able to declare their preferred CA. CAA records prevent this from happening, because domain administrators can specify the exact CA that is authoritative for issuing their domain’s certificates.
Domain security has growing implications according to news from Google that is now considering HTTPS is a ranking signal. Domain administrators need to switch to HTTPS, because in the near future Google will consider HTTP domains as insecure and penalize them in search results. Domain owners that make the switch to HTTPS should also add the appropriate CAA record(s) to ensure security.
CAA records can be customized to prefer different CAs, specify wild card domains, and receive emails when CAs…