CAA = Certification Authority Authorization

Here is an example:

CAA Record Example
CAA Record Example

Simple but effective protection against rogue Certificate Authorities.

You will need two or three DNS records. As shown in example below.

First Record

Second Record

Third Record

Notes

How to measure success?

You can use CAA checker at CAAtest.co.uk or similar tools.

I suggest you also monitor Certificates issued for all of your domain names. This is known as Certificate Transparency monitoring.

We use a strictly necessary technical cookie (__Host-PHPSESSID) to ensure secure browsing. No consent is required under GDPR. See our Cookie Policy and Privacy Policy for details.