Loading howto/tls.md +11 −0 Original line number Diff line number Diff line Loading @@ -297,6 +297,17 @@ time of writing (2020-04-15): See also the [alternative certificate authorities we could consider](#other-certificate-authorities). ### Certificate Authority Authorization (CAA) `torproject.org` and `torproject.net` implement CAA records in DNS to restrict which certificate authorities are allowed to issue certificates for these domains and under what restrictions. For Let's Encrypt domains, the CAA record also specifies which account is allowed to request certificates. This is represented by an "account uri", and is found among `certbot` and `dehydrated` configuration files. Typically, the file is named `account_id.json`. ### Internal auto-ca The internal "auto-ca" is a standalone certificate authority running Loading Loading
howto/tls.md +11 −0 Original line number Diff line number Diff line Loading @@ -297,6 +297,17 @@ time of writing (2020-04-15): See also the [alternative certificate authorities we could consider](#other-certificate-authorities). ### Certificate Authority Authorization (CAA) `torproject.org` and `torproject.net` implement CAA records in DNS to restrict which certificate authorities are allowed to issue certificates for these domains and under what restrictions. For Let's Encrypt domains, the CAA record also specifies which account is allowed to request certificates. This is represented by an "account uri", and is found among `certbot` and `dehydrated` configuration files. Typically, the file is named `account_id.json`. ### Internal auto-ca The internal "auto-ca" is a standalone certificate authority running Loading