As of September 8, 2017, Certificate Authorities (CAs) are required to check, process, and abide by a domain's DNS Certification Authority Authorization (CAA) resource records (RRs) before a certificate can be issued to the requestor.
Note: A CAA resource record is NOT REQUIRED for DigiCert to issue certificates for your domains. The information provided concerning these records is only important if you already have CAA resource records set up for any of your domains or if you would like to add CAA resource records for your domains.
Prior to issuing a certificate, a CA checks the CAA RRs to establish whether they can issue a certificate for a domain. A CA can issue a certificate for a domain if one of the following conditions is met:
If you have or are planning to create DNS CAA RRs for your domain(s), it's important to make sure your records are up-to-date and accurate. At DigiCert, we recommend checking your existing DNS CAA RRs for your domain(s) to verify that you have the necessary records for each CA authorized to issue certificates for each domain. We also recommend that those creating new DNS CAA RRs understand how the process works, so you don't accidentally prevent a CA from issuing a certificate that's needed ASAP.
For more information, please visit DNS CAA Resource Record Check (https://www.digicert.com/dns-caa-rr-check.htm).
DigiCert is the world’s premier provider of high—assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.
©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.