Create CAA Record
Publisher: Psychz Networks, September 04, 2020
Psychz allows you to create a CAA record in your DNS settings, which lets you control which Certificate Authorities (CAs) can issue SSL certificates for specific domains in your organization. By doing this you can avoid having your website go down because of an SSL certificate issue.
- Step 1: Go to Domains
- Step 2: DNS Records
- Step 3: Select Type
- Step 4: Input TTL
- Step 5: Input Weight
- Step 6: Input Flags
- Step 7: Select Tags
- Step 8: Save settings
To create a CAA record, follow the steps below.
Step 1: Go to Domains
Go to your Domains page, where you have added the domain under the DNS section, and click the DNS records button in the Action column.
Note: You need to add a domain first before you can create a CAA record for it.
Step 2: DNS Records
Click on the '+' button to add a DNS record.
Step 3: Select Type
Once you are on the Add DNS Record page, click on the Select type menu. This shows a list of record types; select 'CAA' to add a CAA record.
Step 4: Input TTL
Enter a numeric value (in seconds) in the text area.
TTL (Time To Live) is always listed in seconds. This means that if an A record gets updated, it takes XX seconds (the specified number of seconds) to take effect.
Step 5: Input Weight
Enter a 2 digit numeric value less than or equal to 10.
Weight is the probability of resolving the query. For example, if there are two A records and the weights are defined as 6 and 4 respectively, the query will resolve to the 1st A record 60% of the time and to the 2nd 40% of the time.
Note: Default weight restriction is 10 or below.
Step 6: Input Flags
Input a number between 0 and 255.
The number you define identifies the criticality of the flag. The critical flag is intended to permit future versions of CAA to introduce new semantics that MUST be understood for correct processing of the record.
Step 7: Select Tags
From the dropdown menu choose one of the options.
Tags are ASCII strings that represent the identifier of the property represented by the record.
Issue: explicitly authorizes a single certificate authority to issue a certificate (any type) for the hostname.
Issue wild: explicitly authorizes a single certificate authority to issue a wildcard certificate (and only wildcard) for the hostname.
iodef: specifies a URL or email to which a certificate authority may report policy violations.
NOTE: The Issue wild tags take precedence over Issue tags when specified. Once there’s one CAA record with the Issue wild tag in place, regardless of its value, wildcard certificate requests will be rejected unless there’s a specific CAA record with the Issue wild tag for that CA and the requested hostname.
Step 8: Save settings
Click on the save button to save your settings.
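To check what a saved record set actually permits, the following added example (not part of the original Psychz guide) applies the Step 7 precedence note and the Step 6 critical flag to CAA records written in the `<flags> <tag> "<value>"` form. The CA names, sample records and function names are constructed for illustration, and the tags use their DNS spellings issue, issuewild and iodef.

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample record set for a hypothetical domain (not real CA names).
SAMPLE = [
    '0 issue "ca-one.example"',
    '0 issuewild "ca-two.example"',
    '0 iodef "mailto:security@example.com"',
]

def parse_caa(line):
    """Parse '<flags> <tag> "<value>"' into (flags, tag, value)."""
    flags, tag, value = shlex.split(line)
    flags = int(flags)
    if not 0 <= flags <= 255:
        raise ValueError(f"flags out of range: {flags}")
    return flags, tag.lower(), value

def ca_may_issue(records, ca_domain, wildcard=False):
    """Return True if ca_domain may issue under this CAA record set."""
    parsed = [parse_caa(r) for r in records]
    # Flag value 128 marks a record critical: a CA that does not
    # understand the tag of a critical record must refuse to issue.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in parsed):
        return False
    issue = [v for _, t, v in parsed if t == "issue"]
    issuewild = [v for _, t, v in parsed if t == "issuewild"]
    # Wildcard requests: issuewild records, when present, replace issue
    # records. Non-wildcard requests ignore issuewild entirely.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # only iodef (or nothing applicable): no restriction
    # Value is "<ca-domain>[; parameters]"; a bare ";" authorizes no CA.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant} - {""}
    return ca_domain.lower() in allowed

if __name__ == "__main__":
    for ca in ("ca-one.example", "ca-two.example"):
        for wc in (False, True):
            print(ca, "wildcard" if wc else "hostname", ca_may_issue(SAMPLE, ca, wc))
```

Running it against the sample shows that adding a single issuewild record for one CA removes wildcard issuance from every CA listed only under issue.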