将CAA记录与SSL证书配合使用
证书颁发机构授权(CAA)记录可用于指定允许哪些证书颁发机构(CA)为您的域名颁发证书。 CAA记录还会创建域名所有者不允许的,何时从CA请求证书的通知规则。
CAA记录检查
When you request an SSL certificate from us, we will check the DNS of your domain for a CAA record. If there is no record present, your certificate will continue through the issuance process.
- When you request an SSL certificate for a domain that does have a CAA record, if godaddy.com or starfieldtech.com is listed on that record we will continue the issuance process.
- If something other than godaddy.com or starfieldtech.com is listed on that record, we can not issue the certificate to you. The certificate will be denied, and an email will automatically be sent to the requestor and the email address on the CAA record.
创建CAA记录
You can create a CAA record with your DNS host to limit which CAs can issue an SSL certificate for your domains. To do so, contact your DNS provider and have them list either godaddy.com or starfieldtech.com in the CAA record.