How to add Certification Authority Authorization (CAA) record to your DNS for Enabling (HTTPS) in Blogger

 

How to add Certification Authority Authorization (CAA) record to your DNS



*Lets First Understand What is CAA ?

There are over a hundred organizations, called certificate authorities, that can issue SSL certificates which vouch for the identity of your domain. If you're like most domain owners, you probably get your certificates from only a handful of certificate authorities. CAA (Certificate Authority Authorization) lets you declare which certificate authorities you actually use, forbidding the others from issuing certificates for your domain.

Here are some reasons for you to use CAA:

You want to reduce your risk from insecure certificate authorities. You can use CAA to limit your domain to certificate authorities which you trust not to issue unauthorized certificates.
You want to stop your employees from obtaining certificates from unauthorized vendors.
Setting up CAA is easy. Use the handy CAA generator to check off the certificate authorities which you authorize. Then publish the generated DNS records in your domain's DNS. Your domain needs to be hosted with a DNS provider that supports CAA. Fortunately, many major DNS providers now support CAA.

CAA is an IETF standard defined by RFC 6844. As of September 8, 2017, all public certificate authorities are required to respect CAA records. Before issuing a certificate for a domain, they must check the domain for CAA records, and refuse to issue if the CAA record set doesn't authorize them. (If there is no CAA record, they are allowed to issue.)


CAA and Sub-domains

The CAA record set for a domain also applies to all sub-domains. If a sub-domain has its own CAA record set, it takes precedence.

For example, before a certificate authority issues a certificate for www.example.com, it will query domains for CAA record sets in the following order, and use the first record set it finds:

www.example.com
example.com


CAA and CNAME

If a domain name is a CNAME (also known as an alias) for another domain, then the certificate authority also looks for CAA record sets at the CNAME target, as well as all parent domains of the target. If no CAA record set is found, the certificate authority continues searching parent domains of the original domain name.

For example, if blog.example.com is a CNAME for blog.example.net, then the certificate authority looks for CAA record sets in the following order:

blog.example.net
example.net
example.com


Limitations


A certificate authority that goes rogue or is totally compromised can issue a certificate for your domain regardless of what CAA says. Also, DNS records can be spoofed by a powerful attacker to trick a certificate authority into thinking that it is authorized.

However, in practice CAA would have protected domain owners from many of the recent security vulnerabilities in certificate authorities. Publishing a CAA policy is a very sensible security measure despite its limitations.

For added protection, use a Certificate Transparency monitor  to alert you if a certificate is issued that violates your CAA policy.


Who Supports CAA?

If you want to publish a CAA record, your domain's DNS software (or provider) needs to support CAA. This page tells you which DNS software and providers support CAA.

If you don't want to publish a CAA record, it shouldn't matter whether or not your domain's DNS software supports CAA, since the DNS protocol provides a way to add new record types in a backwards compatible way. Unfortunately, some DNS software is broken and mishandles unsupported record types such as CAA. If your domain uses such DNS software, you may have trouble getting certificates for your domain.


NOTE: Below are some Step By Step (Screenshots Guide) to Successfully Enable 'https://' on your Website. For which We suggest you to use 'Letsencrypt' which is completely free of cost as well as encrypts your Website from different types of threats.


*  We used Namecheap Dashboard With Letsencrypt CAA with Blogger 'https://' for an example.



FOLLOW STEP BY STEP GUIDE :-



1. Visit Your Domain Registrar Dashboard and Click on (MANAGE)

How to add Certification Authority Authorization (CAA) record






2. Then Click ( Advanced DNS )

How to add Certification Authority Authorization (CAA) record









 




3. Add a New ( CAA Record )


How to add Certification Authority Authorization (CAA) record to your DNS for Enabling (HTTPS) in Blogger







4. Add a CAA record as as follow:-
Type :- CAA Record
Host :- 
Value :- Issue   "letsencrypt.org"

TTL :- 5 Min













5. Add a CAA record as as follow:-
Type :- CAA Record
Host :-  
Value :- Issuewild   "letsencrypt.org"

TTL :- 5 Min


How to add Certification Authority Authorization (CAA) record to your DNS for Enabling (HTTPS) in Blogger












6. Goto Your Blogger Dashboard then enable (HTTPS)


How to add Certification Authority Authorization (CAA) record to your DNS for Enabling (HTTPS) in Blogger













* Please comment below if you face any problems or have any questions regarding to this topic or any other topic . We shall cover it up on our next post.


COMMENTS

BLOGGER
Name

240gb,1,Android,2,apps,1,Bollywood,1,CAA,1,Guides,1,IMDB Ratings,1,information,5,Most viewed,1,Smart Phones,1,Solid state drive,1,SSD,1,Tech,2,top 10,4,Top 5,1,Website,1,youtube,1,
ltr
item
StuffsEarth | Information Provider: How to add Certification Authority Authorization (CAA) record to your DNS for Enabling (HTTPS) in Blogger
How to add Certification Authority Authorization (CAA) record to your DNS for Enabling (HTTPS) in Blogger
Adding a CAA Record to your DNS whether you are using blogger or others Hosting service!
https://1.bp.blogspot.com/-KV2jj82-zfE/X6WRhIsSAQI/AAAAAAAABfc/mSfjWJSD2SUZdFMm6uFVnprhvmlU-gIeQCNcBGAsYHQ/w640-h362/Screenshot%2B%25286%2529.png
https://1.bp.blogspot.com/-KV2jj82-zfE/X6WRhIsSAQI/AAAAAAAABfc/mSfjWJSD2SUZdFMm6uFVnprhvmlU-gIeQCNcBGAsYHQ/s72-w640-c-h362/Screenshot%2B%25286%2529.png
StuffsEarth | Information Provider
https://www.stuffsearth.xyz/2020/11/How%20to-add-Certification-Authority-Authorization-CAA-record-to-your-DNS.html
https://www.stuffsearth.xyz/
https://www.stuffsearth.xyz/
https://www.stuffsearth.xyz/2020/11/How%20to-add-Certification-Authority-Authorization-CAA-record-to-your-DNS.html
true
4933864243802736112
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy