What is PRE-SIGN FAILED? What is a CAA record? - DNS Certification Authority Authorization (CAA) Resource Record

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain.

CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue.

 

Example CAA records:

example.com. 21050 IN CAA 0 issue "sectigo.com"

example.com. 21050 IN CAA 0 issuewild "sectigo.com"

example.com. 21050 IN CAA 0 issue "digicert.com"

example.com. 21050 IN CAA 0 issuewild "digicert.com"

 

IMPORTANT: The CA does not automatically recheck the CAA records after a "Pre-Sign Failed" error. Please first correct the CAA records and then contact our support so we can request a recheck with the CA.



This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers.

Show details in RFC 6844:
https://tools.ietf.org/html/rfc6844


Was this answer helpful?

 Print this Article

Also Read

Decrypting SSL traffic with tshark (private key required)

Sample: #!/bin/bash tshark -f "tcp port 80" -Y 'http.request || http.response' #OR (for...

Can you issue SSL certificates for .krd / .gov.krd (Kurdistan - Iraq) domains?

YES, the TLD has been added by GeoTrust / RapidSSL on our request for one of our customers. ;-)

Check SSL security, installation and configuration

Feel free to use the collection of SSL tools we are providing to check your SSL configuration and...

How can i verify my SSL certification?

Please use the tools from our SSL Tools site which offer you all kinds of SSL checker tools for...

Where can i get a Wildcard EV (Extended Validation) SSL certificate?

Unfortunately EV certificates cannot be Wildcard due to CA/B Forum policies, so the only option...

Powered by WHMCompleteSolution