CAA records allow administrators to specify which certificate authorities (CAs) and optionally, which accounts with those authorities, are allowed to issue certificates in the relevant domain. All CA/Browser (i.e., publicly trusted) CAs check this record before issuing certificates in order to minimize the chance of an attacker obtaining a fraudulent certificate.
Ensure that domains have CAA records. Refer to documentation from the CA for the correct CAA record to be set. If there are multiple CAs, CAA records may be combined. Be aware that CAA records apply transitively to subdomains.
CAA records allow administrators to specify which certificate authorities (CAs) and optionally, which accounts with those authorities, are allowed to issue certificates in the relevant domain. All CA/Browser (i.e., publicly trusted) CAs check this record before issuing certificates in order to minimize the chance of an attacker obtaining a fraudulent certificate.
Ensure that domains have CAA records. Refer to documentation from the CA for the correct CAA record to be set. If there are multiple CAs, CAA records may be combined. Be aware that CAA records apply transitively to subdomains.