Certificate Authority Authorisation (CAA) Records


There are organisations known as certificate authorities (CAs) responsible for issuing identify-confirmation certificates for websites, digital IDs, etc. To restrict which CAs can issue certificates for your website, you can incorporate CAA records into your domain name's DNS settings.


A Certification Authority Authorization (CAA) is a specific DNS record type that enables domain owners to indicate their preferred CAs for certificate issuance. By specifying these preferences, other CAs are then prevented from issuing certificates for the same domain.


CAA records can prove valuable in several situations:


  1. You aim to lower the chances of relying on untrustworthy Certificate Authorities.
  2. You want to prevent your employees from obtaining certificates from unauthorized certificate vendors. 
  3. You want to prevent fraudulent certificate mis-issuances.


To add CAA Records, navigate to the Settings > CAA Records module from the Enterprise left-tree menu. 


Then, select the "Enable Certification Authority Authorisation (CAA) Records" checkbox


In the Certification Authorities (CAs) field, enter the name of one or more certificate authorities as required in terms of your added domain names.


After entering the certificate authorities, click the 'Save' button and the system will update the CAA Records configuration. A success will also appear at the bottom left corner of the screen.


image