Certification Authority Authorization (CAA)
A Certification Authority Authorization (CAA) is a security feature that allows a domain owner to specify which Certificate Authorities (CAs) are allowed to issue certificates for their domain.
This prevents “Shadow IT” or attackers from requesting a certificate for your domain from a CA you don’t use (e.g., if you only use Let’s Encrypt, a CAA record can block a request from Comodo). Since 2017, all CAs are legally required to check CAA records before issuing a certificate.
Frequently Asked Questions
Any valid Certificate Authority can issue a certificate for your domain. While not a “broken” state, it is less secure than restricting issuance to your preferred providers.
Build a high-performance engine. From securing your site with HTTPS and SSL/TLS to building custom REST APIs, our Web Development team ensures your infrastructure is scalable, secure, and future-proof.