As of September 8, 2017, Certificate Authorities (CAs) are required to check, process, and abide by a domain's DNS Certification Authority Authorization (CAA) resource records (RRs), before a certificate can be issued to the requestor.
Note: A CAA resource record is NOT REQUIRED for DigiCert to issue certificates for your domains. The information provided concerning these records is only important if you already have CAA resource records set up for any of your domains or if you would like to add CAA resource records for your domains.
Prior to issuing a certificate, a CA checks the CAA RRs to establish whether they can issue a certificate for a domain. A CA can issue a certificate for a domain if one of the following conditions is met:
If you have or are planning to create DNS CAA RRs for your domain(s), it's important to make sure your records are up-to-date and accurate. At DigiCert, we recommend checking your existing DNS CAA RRs for your domain(s) to verify that you have the necessary records for each CA authorized to issue certificates for each domain.
We also recommend that those creating new DNS CAA RRs understand how the process works, so you don't accidentally prevent a CA from issuing a certificate that's needed immediately.
For more information, please visit DNS CAA Resource Record Check (https://www.digicert.com/dns-caa-rr-check.htm).
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.