Easterhegg 2019 - Domain-Automatisierung mit Cryptdomainmgr

Explore domain automation with cryptdomainmgr in this 45-minute conference talk from Easterhegg 2019. Learn about a Python program that automatically renews TLS certificates, TLSA domain entries, and DKIM keys. Discover how the DNS-Based Authentication of Named Entities (DANE) protocol links TLS certificates to DNS zones via hash values, enhancing security against compromised certificate authorities. Understand the importance of DKIM signatures in preventing fraudulent emails and the need for regular key rotation. Delve into cryptdomainmgr's three-phase approach—Prepare, Rollover, and Cleanup—for seamless key renewal without downtime, even considering negative caching issues. Gain insights from speaker Stefan Helmert (Tesla42) on implementing these automated security measures for your domains.