Implement DNS Certification Authority Authorization (CAA) resource record
Certification Authority Authorization (CAA), defined in RFC 6844, is a standard that allows domain name owners to control which CAs are allowed to issue certificates for their properties.
ssllabs.com has implemented the detection for this record when checking for the SSL grade they give. To prevent getting graded down and use state of the art techniques for ssl security I would usggest to allow adding those nameserver record.
RFC: https://tools.ietf.org/html/rfc6844
ssllabs announcement https://blog.qualys.com/ssllabs/2017/01/13/whats-new-ssl-labs-1-26-5
Cool Dark
shared this idea
This functionality is now available in the Plesk 17.8 preview. We encourage you to check the implementation and let us know what you think. Please visit the following forum thread to learn how to access the preview: https://talk.plesk.com/threads/plesk-onyx-17-8-preview.343283/
We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
-
Tortax
commented
Does is also work in plesk for windows?
-
Alex
commented
It would be great to have backport to plesk 17.5. Please provide this functionality to us with a feature update for 17.5.
-
Anonymous
commented
Plesk needs to updated their response from Jul 24, 2017. They have already implemented CAA in their beta version: Plesk Onyx 17.8. See the changelog: CAA DNS records are now supported in Plesk dated August 7, 2017. Plesk Onyx 17.8 Preview 4.
When 17.8 is stable, you'll be able to have the feature or you can move to beta version now and have the feature. (Not recommended for production systems.
-
Roberto Tramelli commented
Usefull, please add
-
Sam
commented
Agreed - I would also like to see this functionality in Plesk
-
Micke
commented
usefull feature, please add
-
Lee Nux
commented
+1
-
Lloyd, don't panic :)
https://ns1.com/blog/the-caa-record-type-explained:
“2. Do I need to add a CAA record to my domain before September 2017?
No. The CAA record is optional for domain owners. If you don’t have a CAA record in place in September, issuing certificates for your domain will remain just as it is today.”
Even your link (https://support.comodo.com/index.php?/Knowledgebase/Article/View/1204/1/caa-record---certification-authority-authorization) mentioned this: "If no CAA record is present, any CA is allowed to issue a certificate for the domain."-- rk
-
Lloyd Day
commented
"if it will be popular."
No, we HAVE to have it! And by September if memory serves or we won't be able to get certificates for our domains!!!
"All CA's will be mandated to check CAA DNS records starting in late 2017. Comodo, however, has been supporting this on ALL certificates for the last 12+ months. "
So this is urgent
-
Mehdi
commented
+1 yes we need this asap please
-
Schneidi
commented
Hi, why it needs to be suggession ? There is a RFC for me is there no space for discussion or if or if not ...
-
Halil Kaya
commented
up ref :)
-
Anonymous
commented
Yes need this asap !!!
-
Jonas
commented
Seems it's needed for let's encrypt now
-
Anonymous
commented
please add this feature
-
Leonardo Leite da Silva commented
Please add this awesome resource
-
Dario
commented
+
-
Martin
commented
++
-
Noxx
commented
September (already mentioned) will arrive very quickly.... It would be very useful and much appreciated if this became functional quite soon. Editing zone files manually isn't a great option...
-
Chris
commented
I have a number of clients who's IT departments are already investigating adding these records to their zones. Just being able to manually add the records would be fine but a wizard would be better with check boxes for the major vendors.