CAA record - CA authority

What is CAA?

What is a CAA record?

A Certification Authority Authorization (CAA) record is a standard that you can use to specify which certification authorities (CAs) are allowed to issue certificates for your domain.

The purpose of the CAA record is to allow domain owners to authorize which certificate authorities can issue a certificate for a domain. Before issuing a certificate, the certification body checks your CAA records and blocks the request if it is not listed. If there is no CAA record, a certification authority can issue a certificate for the domain.

CAA records can set policies for the entire domain or for specific host names. CAA records are also inherited from subdomains. CAA records can regulate the issuance of single name certificates, wildcard certificates, or both.

As of September 8, 2017, all certification bodies were asked to check CAA DNS records. 

We recognize the following domain names in the output and issue wild property tags as permitted output:

comodo.com
comodoca.com
usertrust.com
trust-provider.com              
sectigo.com

The following DNS servers support CAA records: