What is an CAA record and how it is configured

A CAA record (Certification Authority Authorization) allows you to determine which Certification Authorities (CA) can issue certificates (SSL) for your domain or subdomains. 

 

CAA records are configured to prevent incorrect certificates from being issued for a domain or its subdomains. The Certification Authority (CA) must check whether a CAA record exists before issuing a certificate. 

 

Only the Certification Authorities (CA) configured in the record can issue certificates for the domain or subdomain. In other words, if you have a CAA record, only the Certification Authorities specified in that record will be able to issue certificates for the domain or subdomain.

 

How to configure a CAA record

 

Access your cdmon control panel and click on the DNS option of the domain where you want to configure the CAA record.

 

 

On the "DNS Records" screen, click on the New record option.

 

 

In the "Record type" dropdown menu, select CAA.

 

 

Once inside the CAA record configuration panel, you can configure the following parameters:

• TTL value: by default the value is 900 seconds.
• Redirect: you must specify which records you want to allow certification for. The main record @, the WWW subdomain, or a specific subdomain.
• Value: you must choose what the CAA record will allow the Certification Authority (CA) to do.
• CA domain: you must specify the domain of the Certification Authority (CA), for example; letsencrypt.org.

 

 

Finally, click Save record once all parameters have been configured.

 

 

For more information, you can contact us. 

• Related Articles

• How to set up SPF record for mail in static DNS

  SPF is the acronym for Sender Policy Framework, a protection against address forgery for sending email. It identifies SMTP email servers authorized for the transport of messages through the domain name records (DNS). Its meant, for example, to stop ...

• How to set up the SRV record for mail in static DNS

  SRV is a DNS record where information about the available services of the domain is specified. In practical terms, this record is required in protocols such as SIP or XMPP, where information is queried to determine where to find the service. For ...

• How to set up a CNAME record

  Register domain online A CNAME Record (Canonical Name Record) is the equivalent of an alias for another record. It is used when one or multiple records need to point to the same record. If that record points to an IP address and the others point to ...

• How to set up a TXT record

  A TXT record is a type of DNS record that provides text information to external sources outside our domain. The TXT record not only allows you to enter any type of information in text format, but nowadays, combined with the SPF protocol, it can be ...

• How to set up email or record MX

  The MX Record (Mail Exchanger Record) is the record that allows the reception of mail. It specifies the mail servers that the domain has. An MX record always points to an A record, it never points to a CNAME. To configure the mail record or MX record ...