Closed WToorenburghIntiveo closed 7 years ago
It's official! https://forums.aws.amazon.com/ann.jspa?annID=4799
Hah, I guess I managed to post here before they pushed the official announcement
Finally!
Anybody know the proper domain to use in the CAA record for AWS ACM?
@bacoboy Amazon uses amazon.com
Inspection of an ACM-issued cert made me think it would be amazontrust.com, based on the CRL domain:
However, I opened a ticket with AWS and they point out the buried NOTE in their docs:
AWS Certificate Manager (ACM) currently doesn't support CAA records.
After talking with our security guy, it turns out this doesn't really matter, as this record is to keep OTHER SSL providers from issuing certs for your domain. For instance, Comodo won't issue a cert unless the CAA is set to their domain. This lack of support really means you can't use ACM to request a cert for another domain -- but really ACM/AWS has their own mechanism for showing ownership.
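For readers following the CAA discussion above, here is an added example (not part of the thread and not AWS code) of how a CA decides from CAA records whether it may issue, following the RFC 8659 rules. The zone data, the `ca.example` issuer and the function names are constructed for illustration; `amazon.com` is the issuer value quoted earlier in the thread.

```python
# Added example: CAA evaluation per RFC 8659 over a constructed zone (no DNS lookups).
# ZONE maps a name to its CAA RRset as (flags, tag, value) tuples; all data is made up.
ZONE = {
    "example.com": [(0, "issue", "amazon.com"), (0, "iodef", "mailto:sec@example.com")],
    "shop.example.com": [(0, "issue", "amazon.com"), (0, "issuewild", ";")],
    "locked.example.com": [(0, "issue", ";")],
    "odd.example.com": [(128, "futuretag", "x")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(name, zone):
    """Climb from name toward the root; the first non-empty CAA RRset wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_of(value):
    """Issuer domain is the part before any ';' parameters; ';' alone means nobody."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(name, ca_domain, zone=ZONE):
    """Return True if the CA identified by ca_domain may issue for name."""
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(name[2:] if wildcard else name, zone)
    if not rrset:
        return True  # no CAA anywhere on the path: any CA may issue
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    tags = {}
    for _, tag, value in rrset:
        tags.setdefault(tag.lower(), []).append(issuer_of(value))
    # Wildcard names use issuewild when present, otherwise fall back to issue.
    allowed = tags.get("issuewild") if wildcard and "issuewild" in tags else tags.get("issue")
    if allowed is None:
        return True  # RRset holds no issue-type properties (e.g. iodef only)
    return ca_domain.lower() in allowed
```

A name with no CAA record on its path is open to every CA, which is why the record only restricts issuance once it is published.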
Checking the Route 53 dashboard this afternoon, I saw that the CAA record type is now available: