-
Notifications
You must be signed in to change notification settings - Fork 53
TWA 0603
"Domain explicitly disallows all issuers"
The twa script loads and parses the Certificate Authority Authorization (CAA) record from the Domain Name Server (DNS). A domain owner specifies in the CAA record which Certificate Authorities (CAs) are allowed to issue certificates containing the domain name.
Inside the CAA record an issue property specifies a certificate authority which is allowed to generate TLS certificates for the domain.
One issue tag in the CAA record disallows all certificate authority (value ;).
At least one issue tag is needed to get an TLS certification.
Correct the content of the CAA record. Specify the Certificate Authority which have generated the current TLS certification file.
The CAA Record Helper could be used to generate a correct CAA record.