News | SwissSign
A data security specialist by Swiss Post

Main section

08.09.2017

2017-09-04: New CA release

A new release was rolled out on Monday, September 4th. According to the new regulations of the CA Browser Forum, SwissSign is now also checking the "Certification Authority Authorization" (CAA) record of your DNS entry to a domain before authorizing and issuing a certificate.

This means you have the option to restrict the certificate authority that can approve a certificate for this domain. The background to this rule is the so-called "man-in-the-middle attacks", which build a fake page of your website and use a certificate from another (submissive) certification authority. This fake site takes over the communication on their website via manipulated router attacks and redirects them to the website. These types of attacks are particularly used in the field of espionage.

By giving confidence to only SwissSign, it is not possible that another certification authority may issue certificates for your website. Unless you perform an entry, each certification authority may issue certificates for your domain.

In order to properly configure the record in the DNS, we have set up a configurator on our website, which can be reached as follows:

https://www.swisssign.com/en/caa