First of all Certificate Authority Authorization or CAA for short is not new.
It was however, only March 2017 that the Certificate Authority Group decided to make it a mandatory check for all SSL Certificates.
Now you’re asking what is CAA.
Well CAA is a new record that you can add to your DNS Zone file (check with your hosting provider) that says which SSL Certificate issuing authority is allowed or has issued an SSL Certificate for that domain name.
The aim is to stop a fraudulent SSL Certificates from being issued against your domain.
The downside is that if you don’t have the CAA records in your DNS Zone file the SSL Certificate issuer will assume that they are allowed to issue a certificate for that domain name.
Here at redIT we now recommend that you add a CAA record zone to your DNS even if you add the default block record which will then stop anyone from getting a certificate to use fraudulently against your domain name.
A great simple website that will allow you to create your CAA records can be found at:
Once you have gone through the three steps you are then ready to copy the information in step 4 to your DNS provider.
Also as I said you can issue just a don’t issue record which is simply the following:
example.com. IN CAA 0 issue ";"
We will the updating our Knowledge base with the full steps on how to add these DNS records this week but if you need any help please just give our support team a shout.