Setting DNS CAA on DNSDUN to improve HTTPS certificate trustworthiness: restrict issuance to a whitelist of CAs
For example, to allow only letsencrypt and godaddy:
0 issue "letsencrypt.org"
0 issue "godaddy.com"
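It is also recommended to add the optional issuewild tag. In addition, there is an optional iodef tag, used to notify the user when issuance fails.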
0 issuewild "letsencrypt.org"
0 issuewild "godaddy.com"
Allowed values: mailto, http, https
0 iodef "mailto:1265578519@qq.com"
Query with dig to test whether the CAA records have been added:
dig itzmx.com type257
Reference: https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
https://www.ssllabs.com/ssltest/analyze.html?d=www.itzmx.com
List of CA domains: https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00023
珀珀
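How a CA evaluates the CAA records listed in the post above, as an added example that is not part of the original post. The function names are hypothetical, the logic follows the issue/issuewild rules of RFC 8659, and the record values are the ones shown above.

```python
import re

# Record values copied from the post above: flags, tag, quoted value.
RECORDS = [
    '0 issue "letsencrypt.org"',
    '0 issue "godaddy.com"',
    '0 issuewild "letsencrypt.org"',
    '0 issuewild "godaddy.com"',
    '0 iodef "mailto:1265578519@qq.com"',
]

CAA_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z0-9]+)\s+"(.*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(line):
    """Split one CAA value into (flags, tag, value)."""
    m = CAA_RE.match(line)
    if not m:
        raise ValueError(f"not a CAA record value: {line!r}")
    return int(m.group(1)), m.group(2).lower(), m.group(3)


def issuer_domain(value):
    """issue/issuewild values are '<issuer-domain>[; param=value]'.
    An empty issuer domain (for example ';') authorizes no CA."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(records, ca_domain, wildcard=False):
    """Return True if ca_domain may issue under this CAA record set."""
    parsed = [parse_caa(r) for r in records]
    # An unknown tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in parsed):
        return False
    issue = [issuer_domain(v) for _, t, v in parsed if t == "issue"]
    wild = [issuer_domain(v) for _, t, v in parsed if t == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely;
    # for ordinary names, issuewild is ignored.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True  # only iodef or non-applicable tags: no restriction
    return ca_domain.lower() in relevant


if __name__ == "__main__":
    for ca in ("letsencrypt.org", "godaddy.com", "other-ca.example"):
        print(ca, may_issue(RECORDS, ca), may_issue(RECORDS, ca, wildcard=True))
```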