DE

How to Enable Missing SSL CAA Record

In this article:

The domain’s DNS zone does not specify any Certification Authority Authorization (CAA) record. This means that all certificate authorities (CAs) are allowed to issue certificates for this domain.



Missing SSL CAA Record Security Assessment

Security Assessment Enable missing SSL CAA record

CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Missing SSL CAA Record Vulnerability Information

The domain’s DNS zone does not specify any Certification Authority Authorization (CAA) record. This means that all certificate authorities (CAs) are allowed to issue certificates for this domain. To decrease the risk of rogue certificates, append the CAA settings to the DNS records.

Prevention Guide for SSL/TLS Vulnerabilities

Prevention Guide

Learn how to detect and prevent different kinds of SSL/TLS vulnerabilities.

Download

How to Enable Missing SSL CAA Record

To enable CAA, you need to specify the appropriate record in your DNS server. For example, the following records allow only Let’s Encrypt to issue certificates for your domain example.org.

example.org.  CAA 0 issue "letsencrypt.org"

A free online tool can help you to generate the correct CAA record: https://sslmate.com/caa/

If you do not have direct access to your DNS server, you need to ask your DNS provider to set this entry for you. Creating the record can be normally done in their configuration interface.

dnsimple

With dnsimple, you can add the CAA record in the web interface. Use the Record editor and add your CA as the provider for your certificate. Further information is found on their website.

Get a quick security audit of your website for free now

We are analyzing https://example.com
Scanning target https://example.com
Scan status: In progress
Scan target: http://example.com/laskdlaksd/12lklkasldkasada.a
Date: 23/09/2022
Crashtest Security Suite will be checking for:
Information disclosure Known vulnerabilities SSL misconfiguration Open ports
Complete your scan request
Please fill in your details receive the
quick security audit by email.
Security specialist is analyzing your scan report.
То verify your identity please provide your phone/mobile:
Thank you.
We have received your request.
As soon as your security audit is ready, we will notify you.