CAA Record Generator Tool

State your Preferred Certificate Authority

CAA is a powerful record in your DNS settings that allows you to control which Certificate Authorities (CA) can issue SSL certificates for specific domains in your organization. Think of the record as your domain’s medical record. Hospitals will refer to the record before issuing any remedies to ensure they’re not providing you with any medicine that might trigger an allergic reaction! The same concept applies with CAA Records, but with domains and SSL certificates—and a lot less nausea.

Starting September 8, 2017, CAs will be required by the industry’s governing body to check the CAA record before issuing any type of SSL certificates (DV, OV, EV) for your domain(s). This DNS setting allows organizations to further protect their brand reputation, security integrity, and customers’ trust, while minimizing the possibilities of finding random expired SSL certificates from rogue employees.

Let’s face it. Nobody ever wants to have their website down because of an SSL Certificate issue. Nobody wants to miss out on revenue. So, let’s prevent those issues and specify your CAA Record today!

Generate your CAA Record

Use our tool below to quickly create proper CAA Records for your domain(s). Enter the domain, specify the CA, and select the certificate type. We’ll automatically generate the DNS values for you to input on your server!

Domain Name:
Select Authorized CA:
CA Name Non-Wildcard Wildcard
DigiCert
(Symantec, GeoTrust, Thawte, RapidSSL)
Sectigo
(Comodo CA)

Using your Domain Registrar’s DNS or another Service?

No worries! Many of the most popular domain registrars and DNS providers support CAA Records, with many more adopting the record on a daily basis! Below is a brief overview of some of the largest providers of DNS services that support CAA Records. Don’t see your provider? Drop them a support ticket and ask