CAA Records

CAA (Certificate Authority Authorisation) RECORD INFORMATION

This type of record allows to specify which certificate authorities (CAs) are allowed to issue certificates for the domain

CAA Records info

The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means for indicating notification rules in case someone requests a certificate from a not authorized certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CAs listed in the record(s) are allowed to issue certificates for that hostname.

CAA records can set policy for the entire domain, or for specific hostnames. CAA records are also inherited by subdomains, therefore a CAA record set on example.com will also apply to any subdomain, such as subdomain.example.com (unless overridden). CAA records can control the issuance single-name certificates, wildcard certificates, or both.

The CAA record is expressed in a master file in the following format:

Flag

An unsigned integer between 0-255.

Tag

An ASCII string that represents the identifier of the property represented by the record.

Value

The value associated with the tag.


Information submitted on this page is subject to our privacy policy

Information submitted on this page is subject to our privacy policy

« Back to Previous Page