CAA Record Generator

CAA DNS Record คืออะไร

ผู้ออกใบรับรอง SSL มีการกำหนด มาตรฐานใหม่ ให้เจ้าของโดเมนเนม ต้องทำการเพิ่ม CAA Record เพื่อแจ้งให้นายทะเบียน SSL ทราบว่า โดเมนของท่านอนุญาตินายทะเบียน SSL แบรนด์ใดสามารถออกใบรับรอง SSL Certificate ให้ได้บ้าง 

ยี่ห้อใบรับรอง SSL Certificate  DNS Type   Flags  Tag     Value/Answer/Destination    
Digicert CAA 0 issue digicert.com
GlobalSign, AlphaSSL CAA 0 issue globalsign.com
Entrust CAA 0 issue entrust.net
GeoTrust CAA 0  issue  geotrust.com
Thawte CAA 0 issue thawte.com
RapidSSL CAA 0 issue rapidssl.com
Sectigo , Comodo CAA 0 issue sectigo.com
Godaddy    CAA 0 issue starfieldtech.com

เครื่องมือช่วยสร้าง CAA DNS Record


CA Name Non-Wildcard Wildcard
DigiCert
(Symantec, GeoTrust, Thawte, RapidSSL)
Comodo
(Sectigo)
ติ๊ก None-Wildcard และ Wildcard หมายถึง ให้ CAA Record ครอบคลุมถีงโดเมนหลัก และ Sub-Domain ทุกตัว


Certification Authority Authorization (CAA) is a powerful record in your DNS settings that allows you to control which Certificate Authorities (CA) can issue SSL certificates for specific domains in your organization. Think of the record as your domain’s medical record. Hospitals will refer to the record before issuing any remedies to ensure they’re not providing you with any medicine that might trigger an allergic reaction! The same concept applies with CAA Records, but with domains and SSL certificates - and a lot less nausea.

Starting September 8, 2017, CAs will be required by the industry’s governing body to check the CAA record before issuing any type of SSL certificates (DV, OV, EV) for your domain(s). This DNS setting allows organizations to further protect their brand reputation, security integrity, and customers’ trust, while minimizing the possibilities of finding random expired SSL certificates from rogue employees.

Let’s face it. Nobody ever wants to have their website down because of an SSL Certificate issue. Nobody wants to miss out on revenue. So, let’s prevent those issues and specify your CAA Record today!

Using your Domain Registrar’s DNS or another Service?

No worries! Many of the most popular domain registrars and DNS providers support CAA Records, with many more adopting the record on a daily basis! Below is a brief overview of some of the largest providers of DNS services that support CAA Records. Don’t see your provider? Drop them a support ticket and ask

- cPanel v66+

- Cloudflare

- DNS Made Easy

- DYN Managed DNS

- Gandi

- Hurricane Electric (HE) DNS

- Amazon Route 53