Configure CAA Records to Authorize

How to authorize via CAA Records is a Certificate Authority (CA) with trusted roots in many browsers and devices.  As a customer you may be concerned about which CAs can issue certificates for your domains. However, there are industry regulations in place to insure that customers can decide which Certificate Authorities are authorized to issue certificates for their websites and devices.  These restrictions are configured via CAA record(s) in the DNS Zone for the domain.

All Certificate Authorities are now required to check for Certificate Authority Authorization (CAA) records prior to issuing a server certificate. Therefore, you should add CAA records that allow to issue certificates to your DNS zone. You can use the following examples as templates for your actual entries. (Of course, you would replace with your own domain name.)

Authorize to issue certificates for (and any subdomains, including wildcards): 3600 IN CAA 0 issue "" 3600 IN CAA 0 issuewild ""

Authorize to issue certificates for (and all subdomains except for the wildcard * 3600 IN CAA 0 issue "" 3600 IN CAA 0 issuewild ";"

Authorize to issue certificates for ONLY (no wildcards or certificates for the main domain). 3600 IN CAA 0 issue "" 3600 IN CAA 0 issuewild ";" 3600 IN CAA 0 issue ";"

To receive a report by email when a request to issue a SSL/TLS certificate for your site is received: 3600 IN CAA 0 iodef ""

(Of course, you should replace with your actual email address.)

Please contact our support team at if you have any questions about configuring your CAA records, or if you are creating CAA records for certificates issued on our USERTRUST roots.  We are always happy to help our customers.

Subscribe To’s Newsletter

Don’t miss new articles and updates from

Stay Informed and Secure is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.