Symantec clients (including GeoTrust, Thawte and RapidSSL) must provide CAA in the DNS domain record

Under the latest update to the CA/B Forum rules (the CA/B Forum acts as the SSL industry regulator), the certification authority that issues an SSL certificate (such as Symantec, GeoTrust, Thawte or RapidSSL) must be listed in the domain's CAA DNS record.
The CA/B Forum recently announced its decision that all certification authorities must comply with the Certification Authority Authorization (CAA) requirement in the certificate issuance process. CAA allows a domain owner to specify the certification authority or authorities that are authorized to issue SSL/TLS certificates for that particular domain. This significantly reduces the risk of unauthorized issuance of SSL/TLS certificates for the domain.
How to update the DNS record for Symantec certificates
- Open the file with the CAA DNS zone to begin editing.
 
- Right under $ORIGIN symantecoffer.com, add the line: CAA 0 issue "symantec.com"
 
- Go to the Symantec Trust Center and open the Order Summary tab to check the status of the certificate. If the check is successful, then everything is fine. For Managed PKI for SSL, you need to contact your administrator to complete the certificate verification for the domain.
 
How to update the DNS record for Thawte certificates
- Open the file with the CAA DNS zone to begin editing.
 
- Right under $ORIGIN thawteoffer.com, add the line: CAA 0 issue "thawte.com"
 
- Go to the Thawte Certificate Center (TCC) and open the Order Summary tab to check the status of the certificate. If the check is successful, then everything is fine.
 
How to update the DNS record for GeoTrust certificates
- Open the file with the CAA DNS zone to begin editing.
 
- Right under $ORIGIN geotrustoffer.com, add the line: CAA 0 issue "geotrust.com"
 
- Go to the GeoTrust Security Center and open the Order Summary tab to check the status of the certificate. If the check is successful, then everything is fine.
 
How to update the DNS record for RapidSSL certificates
- Open the file with the CAA DNS zone to begin editing.
 
- Right under $ORIGIN rapidssl.com, add the line: CAA 0 issue "rapidssl.com"
 
- Go to the RapidSSL Partner Center and open the Order Information page to check the status of the certificate. Click on Recheck CAA. If the check is successful, then everything is fine.
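
Before relying on the CA's recheck, the edited zone can be checked locally. The following is an added example, not code from this page or from any of the CAs named here: it parses CAA lines from zone text and applies the RFC 8659 lookup a CA performs. It assumes owners are written as "@" or a relative label in full "owner IN CAA" form; the sample zone is constructed, and the function names are hypothetical.

```python
import re

# Constructed zone text. The issue value is the one the page gives for
# Symantec; the iodef address and the "shop" label are made up for the demo.
SAMPLE_ZONE = '''
$ORIGIN symantecoffer.com.
@     IN CAA 0 issue "symantec.com"
@     IN CAA 0 iodef "mailto:security@symantecoffer.com"
shop  IN CAA 0 issue ";"
'''

RECORD = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+(\d+)\s+(\w+)\s+"([^"]*)"', re.I)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(zone_text):
    """Return {fqdn: [(flags, tag, value), ...]} for the CAA lines in zone_text."""
    origin, records = "", {}
    for line in zone_text.splitlines():
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        m = RECORD.match(line)
        if m and not line.startswith(";"):      # skip commented-out records
            owner, flags, tag, value = m.groups()
            fqdn = origin if owner == "@" else f"{owner.lower()}.{origin}"
            records.setdefault(fqdn, []).append((int(flags), tag.lower(), value))
    return records

def relevant_rrset(name, records):
    """RFC 8659: climb from name toward the root; the first CAA set found applies."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(name, ca_domain, records):
    """True if ca_domain may issue a non-wildcard certificate for name."""
    rrset = relevant_rrset(name, records)
    # A critical (flag 128) property the CA does not understand blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    # Parameters after ";" are ignored; a bare ";" yields "" and matches no CA.
    issuers = [v.split(";")[0].strip().lower() for _, tag, v in rrset if tag == "issue"]
    if not issuers:      # no CAA set, or none with an issue property: unrestricted
        return True
    return ca_domain.lower() in issuers
```

Note that a subdomain with its own CAA set (here "shop") does not inherit the parent's authorization, so a certificate for it would be refused even though the parent zone lists the CA.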
 
Another important update concerns the address information in OV and EV SSL/TLS certificates (including code signing certificates). Under this change, which is consistent with the CA/B Forum requirements, state/province information is optional if the locality is specified.
For more information about this change, please refer to the following links:
We appreciate our customers and strive to provide the most up-to-date and relevant information about all changes in the SSL area. Subscribe to our newsletter and join our groups on social networks to stay updated!
Purchase Symantec certificates with a hassle-free service at LeaderSSL!