What CAA records for dedicated SSL cert

I wish to add CAA records to my DNS.

I have a dedicated SSL cert. purchased through Cloudflare for a number of (sub)domains.

The Universal SSL cert. requires comodoca.com, digicert.com, and globalsign.com.

Which record(s) do I need for the dedicated SSL cert.?

I believe it’s the same but here is a handy little tool from SSLMate to verify CAAs. https://sslmate.com/caa/

The SSLMate tool scrapes certificate creation logs, which means it will add unexpired certificates even if they are no longer used. It also can’t distinguish between wildcard and non-wildcard, so it’s a fine starting point but requires editing.

Is there any canonical answer to which CA’s are required for Cloudflare dedicated certs?

Unfortunately, the link I was checking is Top Secret, or something because I’m not authorized to access it.

I can say that I use Dedicated Certificates and the three you list are what I use. Plus I add letsencrypt.org for my origin certs.

This topic was automatically closed after 30 days. New replies are no longer allowed.