AWS Security Blog

Isaiah Schisler

Author: Isaiah Schisler

How to enforce DNS name constraints in AWS Private CA

In March 2022, AWS announced support for custom certificate extensions, including name constraints, using AWS Private Certificate Authority (AWS Private CA). Defining DNS name constraints with your subordinate CA can help establish guardrails to improve public key infrastructure (PKI) security and mitigate certificate misuse. For example, you can set a DNS name constraint that restricts […]