Configure CAA Records to Authorize SSL.com

How to authorize SSL.com via CAA Records

SSL.com is a Certificate Authority with trusted roots in many browsers and devices. However, to provide our customers with universal coverage as our own roots are gaining in ubiquity, we are partnered with Comodo to issue 100% compatible certificates on the USERTRUST root chain.

All Certificate Authorities are now required to check for Certificate Authority Authorization (CAA) records prior to issuing a server certificate. Therefore, for best compatibility, you should add CAA records for both roots to your DNS zone. You can use the following examples as templates for your actual entries. (Of course, you would replace example.com with your own domain name.)

Authorize SSL.com to issue certificates for example.com (and any subdomains, including wildcards):

example.com. CAA 0 issue "comodoca.com"
example.com. CAA 0 issue "ssl.com"
example.com. CAA 0 issuewild "comodoca.com"
example.com. CAA 0 issuewild "ssl.com"

Authorize SSL.com to issue certificates for example.com (and all subdomains except for the wildcard *.example.com):

example.com.    CAA 0 issue "comodoca.com"
example.com.    CAA 0 issue "ssl.com"
example.com.    CAA 0 issuewild ";"

Authorize SSL.com to issue certificates for subdomain.example.com ONLY (no wildcards or certificates for the main domain).

subdomain.example.com.    CAA 0 issue "comodoca.com"
subdomain.example.com.    CAA 0 issue "ssl.com"
example.com.    CAA 0 issuewild ";"
example.com.    CAA 0 issue ";"

To receive a report by email when a request to issue a SSL/TLS certificate for your site is received:

example.com.    CAA 0 iodef "mailto:security@example.com"

(Of course, you should replace security@example.com with your actual email address.)

Please contact our support team at Support@SSL.com if you have any questions about configuring your CAA records. We are always happy to help our customers.