Configure CAA Records to Authorize SSL.com

A how-to for best configuration of CAA records for SSL.com customers.

Related Content

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

How to authorize SSL.com via CAA Records

SSL.com is a Certificate Authority (CA) with trusted roots in many browsers and devices.  As a customer you may be concerned about which CAs can issue certificates for your domains. However, there are industry regulations in place to insure that customers can decide which Certificate Authorities are authorized to issue certificates for their websites and devices.  These restrictions are configured via CAA record(s) in the DNS Zone for the domain.

All Certificate Authorities are now required to check for Certificate Authority Authorization (CAA) records prior to issuing a server certificate. Therefore, you should add CAA records that allow SSL.com to issue certificates to your DNS zone. You can use the following examples as templates for your actual entries. (Of course, you would replace example.com with your own domain name.)

Authorize SSL.com to issue certificates for example.com (and any subdomains, including wildcards):

example.com. 3600 IN CAA 0 issue "ssl.com"
example.com. 3600 IN CAA 0 issuewild "ssl.com"

Authorize SSL.com to issue certificates for example.com (and all subdomains except for the wildcard *.example.com):

example.com. 3600 IN CAA 0 issue "ssl.com"
example.com. 3600 IN CAA 0 issuewild ";"

Authorize SSL.com to issue certificates for subdomain.example.com ONLY (no wildcards or certificates for the main domain).

subdomain.example.com. 3600 IN CAA 0 issue "ssl.com"
example.com. 3600 IN CAA 0 issuewild ";"
example.com. 3600 IN CAA 0 issue ";"

To receive a report by email when a request to issue a SSL/TLS certificate for your site is received:

example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"

(Of course, you should replace security@example.com with your actual email address.)

Please contact our support team at Support@SSL.com if you have any questions about configuring your CAA records, or if you are creating CAA records for certificates issued on our USERTRUST roots.  We are always happy to help our customers.

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.