How to prepare the domain for the high risk detection?

For the purpose of issuing SSL certificates, Certum performs a series of domain verifications, called automatic/system verifications, identifying blocks and high-risk orders. Check the domain settings for the conditions described below to enable positive verification:

1. Setting the CAA record in DNS:
   • No CAA records set for the verified domain and its higher-level domains or
   • If you wish to set specific CAA as allowed to issue certificates for the domain, set the CAA record for the verified domain in the form:
   • For standard SSL certificates:

   yourdomain.com. IN CAA 0 issue "certum.pl" or "certum.eu"

   • For wildcard SSL certificates:

   yourdomain.com. IN CAA 0 issuewild "certum.pl" or "certum.eu".
   If you need to additionally use the CAA record extensions by using its parameters, provide them based on the example below:
   yourdomain.com. IN CAA 0 issue "certum.pl; accounturi=XXXX; validationmethods= ca-tbr-7"
   where:

   • accounturi value obtain from Customer account in the Certum system or log in straight to the Data security products panel https://certmanager.certum.pl
   • validationmethods can be set as one of supported by Certum methods of verification of the control over the domain:
     • ACME activated certificates: http-01 (or ca-tbr-19) or dns-01 (or ca-tbr-7)
     • Non-ACME activated certificates: ca-tbr-4 (note: deprecation planned), ca-tbr-18 or ca-tbr-7.

   In case of negative CAA verification, please make changes as recommended above and wait for Certum to retry the verification or, if 24 hours have passed since the negative verification, contact Certum or cancel the order and place it again.

2. Domain on the phishing domain blacklist:

   If the status of the report is active, contact the manager of the given list to report the incorrect report of the domain on the list. After resolving the report, contact Certum or cancel the order and place it again.

3. Other automatic verification errors:

   Contact Certum.