Managing CAA Records
Posted by Network Operations on 07 May 2019 07:46 PM

CAA Records specify which certificate authorities are allowed to issue certificates for a domain.

Earlier this year the CA/Browser Forum voted to make Certificate Authority Authorization (CAA) mandatory for all Certificate Authorities. This means that domains will need to assert via DNS records (the CAA DNS RRType) which CAs are permitted to issue certificates for them. Think of it as “sort of like SPF, but for SSL/TLS certs”.

CAA Records are now supported by ZoneEdit, but you'll want to make sure your account is set up accordingly beforehand, which you can do via the PREFERENCES link:

Once the Advanced DNS Records feature has been enabled, you'll want to do the following:

1. Click on the DNS link for your domain

2. Click on the wrench for CAA RECORDS

3. Enter your settings and click on NEXT

4. Confirm your changes

Once the changes have been confirmed, your CAA records will be visible via DNS and will look like the following:

markjr@markjr:~$ dig -t caa anarchy.fm
[snip]
;; ANSWER SECTION:
anarchy.fm. 10799 IN CAA 0 issue "rapidssl.com"
anarchy.fm. 10799 IN CAA 0 issuewild "geotrust.com"
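
To check what a record set like the one above actually permits, the following added example (not ZoneEdit's code) parses dig ANSWER SECTION lines and applies the issue/issuewild rules to one name's records. The function names parse_caa and ca_may_issue are hypothetical, the sample input is constructed from the output shown above, and the sketch does not walk up to parent domains or handle the critical flag on unknown tags.

```python
import re

# Constructed sample: the ANSWER SECTION lines shown on this page.
SAMPLE = '''\
anarchy.fm. 10799 IN CAA 0 issue "rapidssl.com"
anarchy.fm. 10799 IN CAA 0 issuewild "geotrust.com"
'''

CAA_LINE = re.compile(
    r'^(?P<name>\S+)\s+\d+\s+IN\s+CAA\s+(?P<flags>\d+)\s+'
    r'(?P<tag>[A-Za-z0-9]+)\s+"(?P<value>[^"]*)"\s*$')


def parse_caa(answer_text):
    """Return (flags, tag, value) tuples from dig ANSWER SECTION lines."""
    records = []
    for line in answer_text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:  # skips ";; ..." comments, blank lines and non-CAA records
            records.append((int(m["flags"]), m["tag"].lower(), m["value"]))
    return records


def ca_may_issue(records, ca_domain, wildcard=False):
    """Apply the issue/issuewild rules to one name's CAA record set."""
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # For a wildcard request, issuewild replaces issue whenever it is present;
    # for an ordinary name, issuewild is ignored.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no restricting property: CAA does not limit issuance
    for value in relevant:
        # Value is "<issuer domain>[; name=value ...]"; an empty issuer
        # (for example ";") authorises nobody.
        issuer = value.split(";", 1)[0].strip().lower()
        if issuer and issuer == ca_domain.lower():
            return True
    return False


if __name__ == "__main__":
    recs = parse_caa(SAMPLE)
    for ca in ("rapidssl.com", "geotrust.com"):
        for wild in (False, True):
            print(ca, "wildcard" if wild else "non-wildcard",
                  ca_may_issue(recs, ca, wildcard=wild))
```

With the records above, rapidssl.com is authorised only for non-wildcard names and geotrust.com only for wildcard names, because the issuewild record takes over from the issue record for wildcard requests.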
