A Certification Authority Authorization (CAA) record is a DNS record that allows domain owners to declare which SSL certificate authorities are allowed to issue a certificate for a domain name. If there is no CAA record present in the domain's DNS configuration, then any CA (Certificate Authority) can issue a certificate for that domain name, provided it can pass domain validation. If a CAA record is present, then only the CAs listed in the record(s) can issue certificates for this domain.
To add a CAA record, you need to access your DNS management. If your domain is using our name servers, then your DNS management is within cPanel, using the “Zone Editor” module.
- Log into cPanel.
- Navigate to the “Zone Editor” module. This is within the “Domains” toolbox.
- Beside the domain you want to add the CAA record for, click “Manage”
- Click the down arrow beside the “+ Add Record” button (located next to the search filter), and then select “CAA Record”
- Fill in the required details and then click on “Add Record”.
  - Name: Enter the domain name or subdomain that the authority record is meant for.
  - TTL (Time to live): This is effectively the expiry/refresh time for the record in seconds. You can leave this as the default, which is usually 3600 (1 hour).
  - Type: This is the type of record being added, and needs to be “CAA”.
  - Record – Flag: This sets whether or not the SSL issuer needs to fully understand the CAA record in order to process it. By default this is set to “0” and can be left as is.
  - Record – Tag: This generally sets the type of certificate that the “CAA” record is setting an authority for. “issue” is for standard SSL certificates, whereas “issuewild” is for wildcard certificates. If you have multiple CAA records, the “issuewild” tag will always override the “issue” tag.
- Once the details for your CAA record have been entered, click “Add Record” to save it.