SSLMate / caa_helper

Generate a CAA policy
https://sslmate.com/caa/
Mozilla Public License 2.0

Amazon Route 53 now supports CAA records #61

Closed WToorenburghIntiveo closed 7 years ago

WToorenburghIntiveo commented 7 years ago

Checking the Route 53 dashboard this afternoon, I saw that the CAA record type is now available: [image]

AGWA commented 7 years ago

It's official! https://forums.aws.amazon.com/ann.jspa?annID=4799

WToorenburghIntiveo commented 7 years ago

Hah, I guess I managed to post here before they pushed the official announcement

Ayesh commented 7 years ago

Finally!

bacoboy commented 7 years ago

Anybody know the proper domain to use in the CAA record for AWS ACM?

AGWA commented 7 years ago

@bacoboy Amazon uses amazon.com

bacoboy commented 7 years ago

Inspection of an ACM-issued cert made me think it would be amazontrust.com based on the CRL domain:

[image: acm]

However, I opened a ticket with AWS and they point out the buried NOTE in their docs:

> AWS Certificate Manager (ACM) currently doesn't support CAA records.

After talking with our security guy it turns out this doesn't really matter as this record is to keep OTHER SSL providers from issuing certs for your domain. For instance Comodo won't issue a cert unless the CAA is set to their domain. This lack of support really means you can't use ACM to request a cert for another domain -- but really ACM/AWS has their own mechanism for showing ownership.