ADSS Web RA supports the configuration of domain names on an enterprise level. In this configuration, you can set domain names and sub domain names associated to an enterprise. The DNS name will be used in the certificate request form for its utilization while generating certificates exclusively from the domains pre-configured within their enterprise. 


This section enlists the following:


  1. Domain Configurations 
  2. Certificate Authority Authorisation (CAA) Records 


Domain Configurations 


An enterprise operator can set domain name (s) in the Enterprise Advance Settings.


Click "Advance Settings" from the Enterprise Management menu. The toggle button will lead you to a sub menu, click "Domain Configurations". 



  1. Enter the Domain Names (DNS).
  2. Select, Configure Sub Domains. These sub domain names should be associated to the preconfigured domains.
  3. Click "Save" to save the configurations. The following screen will be displayed.



  1. Click "Yes" to confirm the configurations. 


  • When an operator selects a domain name, he can select sub domains which belong to that particular domain name. For instance, if his domain name is webra.com.pk, the relevant sub domain will contain webra.com.pk as displayed in the screenshot above i.e. web.webra.com.pk. Operator can also leave the sub domain unchecked, in that case the domain names will be used in certificate creation process.
  • If an operator has selected multiple domain names, he can select multiple sub domains pertaining to the selected domain names that will be used in certificate creation process from the ADSS Web RA web portal. 
  • If an operator updates domain names and sub domain names, it will also have an impact on Certificate Details. Click here to see Domain names under the Certificate Details section. 
  • In case of TLS certificate, if domain names and sub domain names are configured on an enterprise level, then operators and users of that enterprise can create certificates against those domain and sub domain names. 
  • If domain names are not configured in an enterprise, then application will work as it was working previously.


Certificate Authority Authorisation (CAA) Records


There are organizations known as certificate authorities (CAs) responsible for issuing identify-confirmation certificates for websites, digital IDs, etc. To restrict which CAs can issue certificates for your website, you can incorporate a CAA record into your domain name's DNS settings.


A Certification Authority Authorization (CAA) is a specific DNS record type that enables domain owners to indicate their preferred CAs for certificate issuance. By specifying these preferences, other CAs are then prevented from issuing certificates for the same domain.


CAA records can prove valuable in several situations:


  1. You aim to lower the chances of relying on untrustworthy Certificate Authorities.
  2. You want to prevent your employees from obtaining certificates from unauthorized certificate vendors. 
  3. You want to prevent fraudulent certificate mis-issuances.


Select the Enable Certification Authority Authorisation (CAA) Records


Under the Certification Authorities (CAs) tab, enter the CAs that you have entered in your DNS entry. 



Once you click the Save button, the following confirmation message will appear. Click Yes to save your configurations.