Transport Layer Security Authentication (TLSA)

A Transport Layer Security Authentication (TLSA) record is used for DANE (DNS-based Authentication of Named Entities). It allows a domain owner to specify which certificate or Certificate Authority (CA) should be trusted for a specific service.

TLSA provides an extra layer of security beyond the standard CA model. Even if a rogue CA issues a fraudulent certificate for your domain, a browser or mail client that checks the TLSA record will see that the certificate doesn't match your published policy and will block the connection. TLSA is particularly popular for securing SMTP (email) traffic between servers.
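
The matching step described above, as an added example (not code from this page or from any DANE implementation): it builds the TLSA record data a domain owner would publish and checks presented certificates against it. It assumes the record was already fetched over validated DNSSEC and that the caller's X.509 library supplies the DER bytes of the certificate and of its SubjectPublicKeyInfo; the sample byte strings and all function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import NamedTuple

# Field values from RFC 6698: usage 0/1 also require normal CA validation,
# usage 2/3 rely on the record alone. Selector 0 = full certificate,
# 1 = SubjectPublicKeyInfo. Matching type 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
DIGESTS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}

class Tlsa(NamedTuple):
    usage: int
    selector: int
    mtype: int
    data: bytes

def parse_tlsa(rdata: str) -> Tlsa:
    """Parse presentation-format RDATA such as '3 1 1 <hex>'; reject bad fields."""
    usage, selector, mtype, *hexparts = rdata.split()
    rec = Tlsa(int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts)))
    if rec.usage not in USAGES or rec.selector not in (0, 1) or rec.mtype not in DIGESTS:
        raise ValueError(f"unsupported TLSA parameters: {rdata!r}")
    if rec.mtype and len(rec.data) != DIGESTS[rec.mtype]().digest_size:
        raise ValueError("association data length does not fit the matching type")
    return rec

def association(selector, mtype, cert_der, spki_der) -> bytes:
    """Bytes a record with this selector and matching type must carry."""
    selected = cert_der if selector == 0 else spki_der
    digest = DIGESTS[mtype]
    return selected if digest is None else digest(selected).digest()

def make_rdata(usage, selector, mtype, cert_der, spki_der) -> str:
    """Publisher side: RDATA to put in the zone for this certificate."""
    return f"{usage} {selector} {mtype} {association(selector, mtype, cert_der, spki_der).hex()}"

def matches(rec, cert_der, spki_der) -> bool:
    """Client side: does the presented certificate satisfy the published record?"""
    return hmac.compare_digest(rec.data, association(rec.selector, rec.mtype, cert_der, spki_der))

# Constructed stand-ins for DER bytes (not real certificates).
OWN_CERT, OWN_SPKI = b"constructed-own-cert-v1", b"constructed-own-key"
RENEWED_CERT = b"constructed-own-cert-v2"          # reissued with the same key
ROGUE_CERT, ROGUE_SPKI = b"constructed-rogue-cert", b"constructed-rogue-key"

if __name__ == "__main__":
    rec = parse_tlsa(make_rdata(3, 1, 1, OWN_CERT, OWN_SPKI))
    for label, cert, spki in [("own", OWN_CERT, OWN_SPKI), ("renewed", RENEWED_CERT, OWN_SPKI),
                              ("rogue", ROGUE_CERT, ROGUE_SPKI)]:
        print(label, "accepted" if matches(rec, cert, spki) else "rejected")
```

A record that pins the public key (selector 1) keeps matching after a renewal that reuses the key, while one that pins the full certificate (selector 0) must be republished before the new certificate goes live.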

Frequently Asked Questions

In theory, yes (using 'Domain-issued certificates'), but in practice, most web browsers still require a standard CA certificate. TLSA is currently most effective as an additional "pinning" mechanism to ensure only your specific certificate is accepted.
