Certificate Authority Authorization
DNS Certification Authority Authorization (CAA) is designed to allow a DNS domain name holder (a website owner) to specify one or more certificate authorities (CAs) that have the authority to issue certificates for that domain or website, according to a definition in IETF draft RFC 6844.
Let's understand the technology that is a DNS CAA, or Certification Authority Authorization, record and whether you should use it or not. DNS Certification Authority Authorization (CAA), defined in IETF draft RFC 6844, is designed to allow a DNS domain name holder (a website owner) to specify the certificate signing certificates authorized to issue certificates for that domain or website. Created by the Internet Engineering Task Force (IETF) and described in RFC 6844, CAA lets the owner of a domain name authorize designated and specific certification authorities (CAs) to issue SSL certificates for their. It does this by means of a new CAA Domain Name System (DNS) resource record.
It was standardized in 2013 by RFC 6844 to allow a CA to reduce the risk of unintended certificate mis-issue. By default every public CA is allowed to issue certificates for any. DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. (Jul 27, 2017) CAA is a type of DNS record that allows site owners to specify which certificate authorities (CAs) are allowed to issue certificates containing their domain names.