Best Practices for Using SSL Certificates in DANAconnect

Because DANAconnect operates on AWS, it recommends following best practices for SSL certificate management to avoid potential connection failures to the appserv.danaconnect.com, api.danaconnect.com, and ws.danaconnect.com services.

1. Online SSL Validation



Clients should validate the SSL certificate directly online each time they access a service. Storing local copies of certificates is not recommended, as they may become outdated. If a certificate is updated or renewed in DANAconnect, a trust store that holds local copies will cause service failures because it relies on an SSL certificate that is no longer valid.

Clients are responsible for monitoring these certificates if they choose to keep local SSL copies, but real-time SSL validation is the best approach to avoid these issues.

2. CAA Record Configuration in DNS



AWS allows configuring a CAA record for client domains, which authorizes only AWS Certificate Manager (ACM) to issue SSL certificates for those domains or subdomains. Configuring a CAA record ensures that only AWS can issue these certificates, preventing the risk of unauthorized issuance.

Clients should add the following trusted domains to their CAA records for use with DANAconnect on AWS:

- amazon.com
- amazontrust.com
- awstrust.com
- amazonaws.com
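
One way to audit an existing CAA record set against the list above. This is an added example, not DANAconnect or AWS code; the zone lines, `example.com`, `ca.example.net` and the function names are constructed for illustration, the records are assumed to be the ones that apply to the name being checked, and the wildcard handling follows RFC 8659.

```python
import shlex

# CA domains the article asks clients to authorize in their CAA records.
ACM_ISSUERS = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

# Constructed sample record set for a hypothetical client domain.
SAMPLE_ZONE = '''
; CAA policy for example.com (constructed)
example.com. 3600 IN CAA 0 issue "amazon.com"
example.com. 3600 IN CAA 0 issue "amazontrust.com"
example.com. 3600 IN CAA 0 issue "ca.example.net; validationmethods=dns-01"
example.com. 3600 IN CAA 0 issuewild ";"
'''

def parse_caa(zone_text):
    """Return (flags, tag, issuer) for each zone-file style CAA line."""
    records = []
    for line in zone_text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or zone-file comment
        fields = shlex.split(line)  # keeps the quoted value as one field
        if "CAA" not in fields:
            continue
        flags, tag, value = fields[fields.index("CAA") + 1:][:3]
        issuer = value.split(";", 1)[0].strip().lower()  # drop CA parameters
        records.append((int(flags), tag.lower(), issuer))
    return records

def missing_issuers(records, wildcard=False):
    """Article CA domains that this record set does not authorize."""
    issue = {v for _, t, v in records if t == "issue"}
    issuewild = {v for _, t, v in records if t == "issuewild"}
    # RFC 8659: for wildcard names, issuewild replaces issue when present.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return set()  # no applicable tag: CAA places no restriction
    return ACM_ISSUERS - applicable

if __name__ == "__main__":
    recs = parse_caa(SAMPLE_ZONE)
    print("missing for example.com:  ", sorted(missing_issuers(recs)))
    print("missing for *.example.com:", sorted(missing_issuers(recs, wildcard=True)))
```

In the sample, the `issuewild ";"` record forbids all wildcard issuance, so every domain in the list is reported as missing for `*.example.com` even though two of them are authorized for the plain name.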

Conclusion



To ensure the stability and security of services on DANAconnect, clients must validate SSL certificates online and configure appropriate CAA records in their DNS. These measures protect against certificate invalidation and prevent interruptions in service consumption.

Updated on: 09/13/2024
