CAA record management

Note

In DigiCert® DNS, managed domains (as seen in the UI) are referred to as primary domains in the documentation. Both terms refer to the same concept.

Overview

This guide provides detailed instructions for CAA record management, covering both targeted and comprehensive actions.

Targeted actions include:

Comprehensive actions include listing every CAA record provider.

Benefits

CAA record management safeguards against unauthorized certificate issuance, protecting domains from phishing and man-in-the-middle attacks. DigiCert® DNS provides visibility and audit capabilities for rapid detection of misconfigurations, ensuring compliance with industry standards. Centralized management simplifies SSL/TLS certificate administration, reduces overhead, and promotes consistent, secure certificate practices across the organization.

Procedures

Note

This procedure creates a CAA record (caarecord) for the primary domain domain1. The primary domain was previously created here.

To test this function, call this API endpoint: POST /domains/primary/{domainId}/records/CAA

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. Select the RECORDS tab.

  5. Select the Add Record button.

  6. In the Add Record dialog:

    1. Select CAA from the Record Type drop-down list.

    2. Enter a name in the Name field (for example, caarecord).

    3. Set the TTL value, or keep the default of 600.

    4. Select a Provider value.

    5. Select a Tag value.

      Options include issue, issuewild, iodef, issuemail, and issuevmc.

    6. Select an Issuer Critical value.

      Options include 0 (not critical) and 1 (critical).

    7. Toggle Enabled to turn the value on or off.

    8. (Optional) To add more entries, select Add Another Value.

    9. (Optional) Select Save and Add Another to add more records.

    10. Select Save and Close to finish.

      A message appears confirming the successful creation of the record.
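
The Tag and Issuer Critical choices in step 6 decide which CAs may issue, so it helps to evaluate a planned record set before saving it. The following Python code is an added example, not DigiCert code or part of the DigiCert DNS API: it applies the RFC 8659 rules to a single record set (no DNS tree climbing) for TLS server certificates, and the CA names, sample records, and the set of tags a CA is assumed to understand are constructed for illustration.

```python
# Added example: evaluate a CAA record set using the RFC 8659 rules.
# Records are (issuer_critical, tag, value) tuples, mirroring the Add Record fields.

KNOWN_TAGS = {"issue", "issuewild", "iodef", "issuemail", "issuevmc"}  # tags listed on this page


def issuer_domain(value):
    """Return the issuer domain from a value such as 'ca.example; account=1' ('' if none)."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")


def validate(records):
    """Return a list of problems that would make the record set invalid or misleading."""
    problems = []
    for critical, tag, value in records:
        if critical not in (0, 1):
            problems.append(f"{tag}: Issuer Critical must be 0 or 1, got {critical!r}")
        if tag.lower() not in KNOWN_TAGS:
            problems.append(f"{tag}: tag is not one of {sorted(KNOWN_TAGS)}")
        if tag.lower() == "iodef" and not value.startswith(("mailto:", "https://", "http://")):
            problems.append(f"iodef: value {value!r} is not a mailto: or http(s): URL")
    return problems


def may_issue(records, ca, wildcard=False,
              ca_understands=frozenset({"issue", "issuewild", "iodef"})):  # assumed CA support
    """Decide whether CA domain `ca` may issue a TLS server certificate under this record set."""
    props = [(c, t.lower(), v) for c, t, v in records]
    # A critical property the CA does not understand blocks issuance outright.
    if any(c == 1 and t not in ca_understands for c, t, _ in props):
        return False
    issue = [issuer_domain(v) for _, t, v in props if t == "issue"]
    issuewild = [issuer_domain(v) for _, t, v in props if t == "issuewild"]
    # For wildcard names, issuewild replaces issue when at least one is present.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no restricting property: CAA does not limit issuance
    ca = ca.lower().rstrip(".")
    return ca != "" and ca in relevant  # a bare ';' yields '' and authorizes nobody


# Constructed sample record set (CA and domain names are placeholders, not from the page).
SAMPLE = [
    (0, "issue", "ca-one.example"),
    (0, "issuewild", ";"),
    (0, "iodef", "mailto:security@domain1.example"),
]
```

With the sample set, only ca-one.example may issue non-wildcard certificates and no CA may issue wildcards; adding a critical property with a tag the CA does not implement blocks issuance entirely.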

Note

This procedure deletes a specific CAA record (caarecord) from the primary domain domain1. The primary domain and CAA record were created in earlier procedures. You can follow either Path 1 or Path 2 to complete the deletion.

To test this function, call this API endpoint: DELETE /domains/primary/{domainId}/records/CAA/{recordId}

Path 1

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. In the RECORDS tab, locate the record you want to delete (for example, caarecord).

  5. From the overflow menu (three vertical dots) at the end of the record's row, select Delete.

  6. In the Confirm Deletion dialog, select Confirm.

    A message appears confirming the successful deletion of the record.

Path 2

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. In the RECORDS tab, select the checkbox of the record you want to delete.

    Tip

    You can select multiple checkboxes to delete several records at once.

  5. Go to Actions > Delete Records.

  6. In the Confirm Deletion dialog, select Confirm.

    A message appears confirming the successful deletion of the record.

Note

The current version of DigiCert® DNS does not include a dedicated front-end tab for viewing all CAA record providers. To access this information, use the following endpoint:

GET /records/caa/providers

For help configuring your testing environment, refer to the API guide.

Note

This procedure displays the details of a specific CAA record (caarecord) created in an earlier procedure. Follow Path 1 if there are only a few results to review. Follow Path 2 if you prefer to filter results quickly.

To test this function, call this API endpoint: GET /domains/primary/{domainId}/records/CAA/{recordId}

Path 1

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. Select the RECORDS tab.

    The table displays all the records associated with the domain.

  5. Locate the record (for example, caarecord) whose details you want to view.

  6. Select Columns at the top of the results table, then select all checkboxes to ensure that all record information is displayed.

Path 2

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. Select the RECORDS tab.

    The table displays all the records associated with the domain.

  5. Select Filters at the top of the results table to locate the specific record quickly.

    Tip

    In this example, the name of the record is known, so the following filter was applied:

    1. Under Column, select Name.

    2. Under Operator, select contains.

    3. Under Value, enter the record's name (caarecord).

      If no results appear, double-check the Filters selections and input values.

  6. Select Columns at the top of the results table, then select all checkboxes to ensure that all record information is displayed.

Note

This procedure displays the CAA records of a specific primary domain (domain1). The primary domain was previously created here. You can follow either Path 1 or Path 2 to complete the retrieval.

To test this function, call this API endpoint: GET /domains/primary/{domainId}/records/CAA

Path 1

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. Select the RECORDS tab.

    The table displays all the records associated with the domain.

  5. Select Filters at the top of the results table:

    1. Under Column, select Record Type.

    2. Under Operator, select contains.

    3. Under Value, enter CAA.

  6. Select Columns at the top of the results table, then select all checkboxes to ensure that all record information is displayed.

Path 2

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. Select the RECORDS tab.

    The table displays all the records associated with the domain.

  5. Toggle Group Records to group records by type.

  6. Select the CAA record drop-down list.

Note

This procedure updates a specific CAA record (caarecord) created in an earlier procedure.

To test this function, call this API endpoint: PUT /domains/primary/{domainId}/records/CAA/{recordId}

  1. Sign in to your DigiCert® DNS account.

  2. From the landing page, go to the left sidebar and select DNS > Domains.

  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).

  4. Select the RECORDS tab.

    The table displays all the records associated with the domain.

  5. Locate the specific record - see Path 2 for quick filtering.

  6. Select the name of the record (for example, caarecord) whose details you want to update.

    Alternatively, select the overflow menu (three vertical dots) at the end of the record's row, and select Edit.

  7. In the Edit Record dialog:

    1. Edit the record's details as required.

    2. Select Save to finish.

      A message appears confirming the successful update of the record.