CAA is an additional security measure of the CA/Browser Forum's baseline requirements to prevent the misuse of the certificate issuance.

By depositing CAA entries (Certification Authority Authorization DNS Resource Record) for each Fully Qualified Domain Name (FQDN), the domain owner can determine which CA is authorized to issue the certificate. In the course of order validation, the CA checks all FQDNs of the certificate request for existing CAA records in the DNS (CAA Records for Fully Qualified Domain Names).

The ServerPass certification authority may only issue the certificate if, for each FQDN of a certificate order

  1. a CAA entry is found whose issue or issuewild property includes "".
  2. no CAA entry is filed.

To speed up order processing, you should store the issue or issuewild property "" for all your domains.