State your Preferred Certificate Authority
Certification Authority Authorization (CAA) is a powerful record in your DNS settings that allows you to control which Certificate Authorities (CA) can issue SSL certificates for specific domains in your organization. Think of the record as your domain’s medical record. Hospitals will refer to the record before issuing any remedies to ensure they’re not providing you with any medicine that might trigger an allergic reaction! The same concept applies with CAA Records, but with domains and SSL certificates – and a lot less nausea.
Starting September 8, 2017, CAs will be required by the industry’s governing body to check the CAA record before issuing any type of SSL certificates (DV, OV, EV) for your domain(s). This DNS setting allows organizations to further protect their brand reputation, security integrity, and customers’ trust, while minimizing the possibilities of finding random expired SSL certificates from rogue employees.
Let’s face it. Nobody ever wants to have their website down because of an SSL Certificate issue. Nobody wants to miss out on revenue. So, let’s prevent those issues and specify your CAA Record today!
No worries! Many of the most popular domain registrars and DNS providers support CAA Records, with many more adopting the record on a daily basis! Below is a brief overview of some of the largest providers of DNS services that support CAA Records. Don’t see your provider? Drop them a support ticket and ask ☺
- Hurricane Electric (HE) DNS