CAA (Certification Authority Authorization) – Coming Soon to a CA Near You!

2017 will be a exciting year for the digital certificate community. One thing we expect to see: more widespread adoption of Certification Authority Authorization (aka CAA).

CAA lets the owner of a domain name designate a specific Certificate Authority (CA), (like SSL.com) to issue digital security certificates for their domain name. This protects websites by helping to prevent mis-issuance of unauthorized certificates.

CAA works by adding small files called Certification Authority Authorization Resource Records (CAA records) as part of the Domain Name System (DNS). These records instruct CAA-compliant certificate authorities how to process requests. CAA is easy to implement and control. Since the owner of any domain already maintains DNS records (to, for instance, point their domain name to the IP address where their site is hosted) they simply add or edit CAA records alongside their other DNS records.

Widespread use of CAA can reduce risk of certificate mis-issuance and protect your domain, website,business and online identity.

The downside: not all certificate authorities currently support CAA (it is currently recommended  but not required) and until all CAs adopt CAA it can’t stop every certificate mis-issuance.

That said, we expect CAA to see broader use in 2017, and SSL.com would like you to consider using CAA records for yourself. We’ve written an article to help give a more in-depth understanding of CAA, including how to set up your own CAA records. (If you want even more detail consult the original Internet Engineering Task Force Certification Authority Authorization standards document, RFC 6844 – be warned, it’s not for the faint of heart.)

And as always, please contact us to find out how SSL.com can help you with Certification Authority Authorization today!