How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

Çağlar Arlı

I would like to know how I can test if my devices or browsers [1] check and apply DNS Certification Authority Authorization (CAA) correctly. And if they do not, how I can enable it and enforce CAA to be checked and rejected or at least warned about.

I'm mainly interested in testing this on Windows, Linux and Android systems, but information about testing this on Apple macOS or iOS is also welcome. Or, if it's on the application level instead of the OS level, I'm wondering about Firefox and Chromium-based browsers such as Google Chrome, Brave and Microsoft Edge.

[1] If this still applies: https://security.stackexchange.com/questions/180903/why-dont-browsers-check-caa-records-to-help-ensure-a-certificate-is-valid.