Logo

PKI Consortium blog

Posts by tag CAA

    What is Certification Authority Authorization?
    September 25, 2013 by Rick Andrews CAA IETF Policy SSL/TLS

    DNS Certification Authority Authorization (CAA), defined in IETF draft RFC 6844, is designed to allow a DNS domain name holder (a website owner) to specify the certificate signing certificate(s) authorized to issue certificates for that domain or website. Usually, the certificate signing certificate will belong to the Certification Authority (CA) that issues SSL certificates to you. It’s a way for you to indicate which CA or CAs you want to issue certificates for your domains. Using CAA could reduce the risk of unintended certificate mis-issuance, either by malicious actors or by honest mistake.

    Participate in our community discussions and/or join the consortium