CAA (Certification Authority Authorization) DNS records are used to check which certificate authorities are authorized to issue SSL certificates for a specific domain. It is intended to provide additional security.
A CAA record allows you, the domain owner, to indicate which certificate authorities are authorized to issue certificates for your domain. Here is an example of a CAA record:
example.com. CAA 0 issue "ca.example.net"
In this example, "example.com" is the domain for which the CAA record is set. "ca.example.net" is the certificate authority authorized to issue SSL certificates for the domain"example.com".
This CAA record indicates that only the certificate authority "ca.example.net" has permission to issue certificates for the domain "example.com". Other certificate authorities are then not allowed from issuing certificates for this domain, even if they would otherwise be authorized to do so.
Adding a CAA record to your DNS zone provides an additional layer of security and helps prevent unauthorized certificate authorities from issuing SSL certificates for your domain. It gives you more control over who is authorized to issue SSL certificates for your domain.
If you need help configuring a CAA record, don't hesitate to contact our team. We will be happy to assist you.
Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!