CAA Record
A DNS record that specifies which certificate authorities are authorized to issue SSL/TLS certificates for a domain.
What is CAA Record?
What is CAA Record?
Certificate Authority Authorization (CAA) DNS records let domain owners declare which certificate authorities (CAs) are permitted to issue certificates for their domain. Without CAA records, any CA can issue a certificate for any domain. By setting CAA records, organizations prevent unauthorized certificate issuance — a critical defense against man-in-the-middle attacks. For example, a CAA record might specify that only Let's Encrypt and DigiCert are authorized to issue certificates.
Ready to secure your stack?
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.