web analytics
en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

Configure CAA Records to Authorize SSL.com

How to authorize SSL.com via CAA Records

SSL.com is a Certificate Authority (CA) with trusted roots in many browsers and devices.  As a customer you may be concerned about which CAs can issue certificates for your domains. However, there are industry regulations in place to insure that customers can decide which Certificate Authorities are authorized to issue certificates for their websites and devices.  These restrictions are configured via CAA record(s) in the DNS Zone for the domain.

All Certificate Authorities are now required to check for Certificate Authority Authorization (CAA) records prior to issuing a server certificate. Therefore, you should add CAA records that allow SSL.com to issue certificates to your DNS zone. You can use the following examples as templates for your actual entries. (Of course, you would replace example.com with your own domain name.)

Authorize SSL.com to issue certificates for example.com (and any subdomains, including wildcards):

example.com. 3600 IN CAA 0 issue "ssl.com"
example.com. 3600 IN CAA 0 issuewild "ssl.com"

Authorize SSL.com to issue certificates for example.com (and all subdomains except for the wildcard *.example.com):

example.com. 3600 IN CAA 0 issue "ssl.com"
example.com. 3600 IN CAA 0 issuewild ";"

Authorize SSL.com to issue certificates for subdomain.example.com ONLY (no wildcards or certificates for the main domain).

subdomain.example.com. 3600 IN CAA 0 issue "ssl.com"
example.com. 3600 IN CAA 0 issuewild ";"
example.com. 3600 IN CAA 0 issue ";"

To receive a report by email when a request to issue a SSL/TLS certificate for your site is received:

example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"

(Of course, you should replace security@example.com with your actual email address.)

Please contact our support team at Support@SSL.com if you have any questions about configuring your CAA records, or if you are creating CAA records for certificates issued on our USERTRUST roots.  We are always happy to help our customers.

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com