Website certificates more secure with CAA in DNS

This post is over 5 years old, it may be out of date.

In all DNS zones C&CZ added DNS CAA Resource Records. As of September 8, 2017, we have more control over the SSL certificates for our domains. A hack at a random provider of certificates, like Diginotar in 2011 (Dutch only) can no longer be used to generate false certificates for our domains, because in the CAA records we noted that we only use certificates issued DigiCert.