Get your DigiCert, Symantec, Thawte, GeoTrust, and RapidSSL SSL/TLS certificates

With the recent acquisition of Symantec’s Website Security and related PKI solutions, DigiCert has brought all the brands under one Certificate Authority – DigiCert. When you create a CAA RR for yourdoman.com authorizing DigiCert to issue SSL/TLS certificates for it, you are authorizing DigiCert to issue DigiCert, Symantec, Thawte, GeoTrust, and RapidSSL branded SSL/TLS certificates for that domain. To learn more about the DigiCert Website Security acquisition, click here.

In other words, you don’t need to create five unique CAA RRs (one for each brand) for yourdomain.com. Instead, you can create one record, which authorizes DigiCert to issues any of the DigiCert owned certificate brands.

For additional information about DNS CAA resource records, see DNS CAA Resource Record Check.

Procedure

To authorize DigiCert to issue your DigiCert, Symantec, Thawte, GeoTrust, and RapidSSL certificates for your domain, update the domain's DNS record to include a CAA record for "digicert.com". For more detailed information about how to access and edit DNS records on your domain, contact your domain registrar.

  1. Open the CAA DNS zone file.

  2. Under $ORIGIN yourdomain.com, add the line, CAA 0 issue “digicert.com”. (See Valid CAA Resource Record Values.)

    $ORIGIN yourdomain.com
    . CAA 0 issue "digicert.com"

    Note: This single CAA RR applies to all hosts and subdomains under your domain (www.yourdomain.com, shop.yourdomain.com, checkout.yourdomain.com, etc.).

  3. Next, complete one of the steps below to update your order status:

    1. DigiCert CertCentral, MPKI, Retail, Reseller Platforms:

      Contact support to complete the certificate approval process for the domain.

    2. Symantec Trust Center:

      1. Sign in to your Symantec Trust Center account.

      2. On the SSL/TLS certificate's Order Summary tab, recheck the order's status.

      3. When the check succeeds, your order is processed normally.

    3. Managed PKI for SSL:

      Contact your Managed PKI for SSL administrator to complete the certificate approval process for the domain.

    4. Symantec Partner Center:

      1. Sign in to your Symantec Partner Center account.

      2. On your SSL/TLS certificate's Order Information page, click Recheck CAA.

      3. When the check succeeds, your order is processed normally.

Valid CAA Resource Record Values

Below are valid CAA RR values that you can currently use in your CAA records to authorize DigiCert to issue your SSL/TLS certificate.

  • digicert.com

  • www.digicert.com

  • digicert.ne.jp

  • cybertrust.ne.jp

  • symantec.com

  • thawte.com

  • geotrust.com

  • rapidssl.com

  • volusion.digitalcertvalidation.com

  • stratossl.digitalcertvalidation.com

  • intermediatecertificate.digitalcertvalidation.com

  • 1and1.digitalcertvalidation.com

All values listed are equivalent. In other words, you can use any one of the values to allow DigiCert to issue SSL/TLS certificates for all the DigiCert certificate brands, portals, products, etc.