How to create CAA record in Traffic Director?

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA records can set policy for the entire domain, or for specific hostnames. They are also inherited by subdomains, therefore a CAA record set on domain.com will also apply to any subdomain, such as subdomain.domain.com (unless overridden). CAA records can control the issuance of single-name certificates, wildcard certificates, or both.

Why do you need a CAA record?

CAA records allow you to determine which certification authorities may issue certificates for your domain and subdomains. For that reason, it is always a good idea to control this via proper CAA record(s).

Follow the steps to create the record

  • Login to your 5centsCDN control panel.
  • Go to Traffic Director and click the Manage button of your Domain.
  • Click the green plus button to create a new DNS record. The values are explained below
    • Type: CAA
    • TTL: Specify the TTL value
    • Host: Specify the hostname
    •  Providers: Specify the domain name of the Certificate Authority that applies to this record.
    • Tag: This allows you to choose how you want certificates to be issued by the CA. Each CAA record can contain only one tag-value pair.
      • issue: Explicitly authorizes a single certificate authority to issue a certificate of any type for the hostname.
      • issuewild: Authorization for CAs to issue certificates that specify a wildcard domain.
      • iodef (Incident Description Exchange Format): Specifies if CAs should email reports of certificate issues and violations to the domain owner.
    • . Data: This field will automatically populate with the FQDN of the CA provider after you enter the provider.
    • Issuer Critical: A value of 0 = “not critical” and 1 = “issuer critical.” CAA records have issuer critical set to a value of 0 by default. If a CA does not understand the flag value, then the CA will return with “no issue” for the certification.
    • You can also add multiple values by clicking ADD ANOTHER VALUE button. Also, enable or disable options available nearest to the values.

  • Click the CREATE button.