Certification Authority Authorization (CAA)

That’s why we support the CA/B Forum’s upcoming policy for CAA. This standard enables domain owners to prevent the issuance of rogue or unauthorized SSL/TLS certificates, by specifying which certification authorities (CAs) are authorized to issue digital certificates to their domains.

As of September 8, 2017, all certification authorities (CAs) will be required to check and comply with the CAA records before issuing a certificate.

Read on to find out what how CAA checking can help your brand:

• CAA technical requirements standard: RFC 6844
• Blog: Mandatory CAA Checking on the Horizon
• Tech Notes:
  • What is CAA?
  • How to add a Certification Authority Authorization (CAA) record in a hosted DNS
  • How to add a Certification Authority Authorization (CAA) record to your DNS zone file
• CAA Best Practices Guide: understanding Certification Authority Authorization
• CAA Lookup Tool: view which CA's are entitled to issue certificates for your domain(s) with our CAA lookup tool.