• Inicio
• Servicios
• TCS
• Noticias

CAA lookups for the issuance of S/MIME certificates

Dear Valued Customer,

We are writing to inform you of an important technical update that relates to your S/MIME certificate issuance. As of September 15, 2024, Sectigo has begun enforcing CAA (Certification Authority Authorization) lookups for S/MIME certificates.

What’s new?

The enforcement of CAA lookups for S/MIME certificate issuance is designed to enhance security and provide more control over which Certificate Authorities (CAs) are authorized to issue S/MIME certificates certifying email addresses for your domains.

What is changing?

Since September 15, 2024, Sectigo checks for a valid CAA record before issuing S/MIME certificates. If no CAA record exists for your domain, any CA can issue certificates. However, adding a CAA record restricts issuance to only authorized CAs, offering additional security.

Action Required

To introduce this additional security for issuance of your S/MIME certificates:

• Verify that your DNS settings include the appropriate CAA records.
• Ensure your DNS CAA record is configured to authorize Sectigo (sectigo.com) for issuing S/MIME certificates.
• If needed, consult your DNS hosting provider for assistance with updating your CAA records.

Important note

Please note that not all DNS server software and DNS providers currently support the “issuemail” property required for S/MIME-related CAA records. We recommend reaching out to your domain registrar to confirm whether this functionality is supported and assist with any necessary updates.

Where to Get Help

If you have any questions or need further guidance, our support team is here to assist you. Please refer to our Knowledge Base for more information on how to manage CAA records.

Updating your CAA record

Thank you for your attention to this important update. Ensuring compliance with CAA record policies will help maintain the security and integrity of your certificate management process.