We use cookies
We use cookies to optimize our website. By continuing to browse the site, you agree to our use of cookies.
New design
Control panel
  • Русский
  • Українська
  • English
  • UAH
  • USD
  • RUB
  • EUR
  • 0-800-307-307 Hotline
  • +38 (044) 392-74-33 Kiev
  • +38 (057) 728-39-00 Kharkiv
  • +38 (056) 794-38-31 Dnipro
  • +38 (032) 229-58-93 Lviv
  • +38 (048) 738-57-70 Odessa
  • +38(093) 170-15-42  Life
  • +38 (067) 400-88-44 Kievstar
  • +1(888)393-24-51  USA, Toll free
  • +44(131)507-01-14  Great Britain
  • +7 (499) 348-28-61 Moscow
    Categories

      3.1.5.7. CAA

      CAA (Certification Authority Authorization) is an entry that defines which certification authorities are allowed to issue SSL certificates for a specific domain or subdomain.

      Important points:

      • The record value for a domain or subdomain is inherited across all of its subdomains, unless explicitly specified otherwise.
      • To define multiple CAs for the same domain or subdomain, you need to add multiple CAA records.
      • The absence of a CAA record is considered by certification authorities as permission to issue a certificate.
      • The complete specification of the CAA record is available at RFC 6844.

      Recording added in the domain settings and its data consists of three parameters, separated by spaces: 

      flag tag value

      Parameters:

      • flag - An 8-bit number, the most significant bit of which determines how critical the certification authority is about the entry. Possible values:
        • 0 - if the certification authority does not support the parameter tag or cannot recognize him, he is allowed to issue a certificate at his discretion.
        • 128 - if the certification authority does not support the parameter tag or cannot recognize it, it is forbidden to issue a certificate.
      • tag - possible values:
        • issue - defines a certification authority that is allowed to issue a certificate.
        • issuewild - defines a certification authority that is allowed to issue a wildcard certificate.
        • iodef - defines an email address or URLthat the CA should use for notifications if a request is received to issue a certificate that violates the rules defined by the CAA record.
      • value - depends on the value tag and must be in double quotes (""). If there are several additional parameters, they must be separated by a semicolon (;). Possible values:
        • Ifa tag equally issue, then as value indicates:
          • Or the domain of a certification authority that is allowed to issue a certificate.
          • Or ";"if you want to prevent all certification authorities from issuing a certificate.
        • Ifa tag equally issuewild, then the possible values for value the same as for tag equally issue, only in this case for a wildcard certificate.
        • Ifa tag equally iodef, then as value indicates:
          • Or an email address in the format "mailto:admin@example.com".
          • Or URL in the format "http(s)://URL".

      For convenience, when creating a record, you can use online generators:

      What CAA records look like in domain settings:

      Other post types

      Services
      Company
      Technical support
      Of the agreement
      Copyright © 2006—2021 Ltd "Hosting "Ukraine""
      All materials on this site are protected by copyright.
      It is prohibited to copy, distribute or any other use of information and objects without the written consent of the copyright holder.
      Found a typo on the page - select it and press Ctrl + Enter
      ru uk en