October 3, 2017
Posted by on
If you bother to read this, CAA Mandated by CA/Browser Forum you’ll learn that CAA (Certificate Authority Authorization) standard designed to prevent bad actors from creating unauthorized SSL/TLS certificates has been implemented as of September 2017. CAA records allow domain owners to specify which Certificate Authorities (CAs) are permitted to issue certificates. This is acheived by adding CAA information to your domain’s records at the host level.
Good news. My host added this functionality, and it’s a simple process to now identity who can issue an SSL certificate to your domain. In my case, it’s letsencrypt.org. Now my SSL rating has gone up. Legit.