SSL certificate issues
If you use CAA records to control which certificate authorities can issue SSL certificates for your domain, you must allow Google Domains to issue a certificate for your domain before you can use a Secureframe Trust custom domain. You do this by adding a CAA record for pki.goog alongside your existing records. The content delivery network that secures your connections to Secureframe Trust, e.g. Cloudflare, uses Google Domains to issue this certificate on your behalf. Secureframe does not and will not issue any certificates for your domain.
Check your CAA Records
To see if you are using CAA records today, you can use an online lookup tool such as https://www.nslookup.io/caa-lookup/. If you are not using CAA records, and don't see any, no action is required.
For detailed background, see https://developers.cloudflare.com/ssl/reference/certificate-authorities/ and https://developers.cloudflare.com/ssl/edge-certificates/caa-records/#who-should-create-caa-records, which states: "When adding new Custom Hostname and your customer has existing CAA records. In this case, ask your customer to remove the existing CAA records or add the missing CAA record."
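As an added example (not Secureframe or Cloudflare code), the Python below applies the RFC 8659 rules to CAA records you have already looked up, for instance the lines an online lookup tool or `dig +short CAA` prints, and reports whether pki.goog may issue for a non-wildcard hostname and, if not, which record to add. The hostnames and record values are constructed samples, the function names are hypothetical, and CNAME following is left out.

```python
CA = "pki.goog"  # issuer domain named on this page

def parse_caa(line):
    """Split one presentation-format CAA record into (flags, tag, value)."""
    flags, tag, value = line.split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')

def relevant_rrset(name, zone):
    """RFC 8659 tree climbing: the closest name with any CAA record wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if zone.get(candidate):
            return candidate, [parse_caa(r) for r in zone[candidate]]
    return None, []

def check_ca(name, zone, ca=CA):
    """Return (allowed, owner_of_rrset, record_to_add_or_None) for a non-wildcard name."""
    owner, records = relevant_rrset(name, zone)
    # Only "issue" restricts non-wildcard names; iodef and issuewild do not.
    # Parameters after ';' are not part of the issuer domain.
    issuers = [v.split(";")[0].strip().lower()
               for _, tag, v in records if tag == "issue"]
    if not issuers or ca in issuers:
        return True, owner, None
    return False, owner, f'{owner}. IN CAA 0 issue "{ca}"'

# Constructed sample zones (hypothetical names and values).
RESTRICTED = {"example.com": ['0 issue "letsencrypt.org"',
                              '0 iodef "mailto:security@example.com"']}
FIXED = {"example.com": RESTRICTED["example.com"]
         + ['0 issue "pki.goog; validationmethods=dns-01"']}
IODEF_ONLY = {"example.com": ['0 iodef "mailto:security@example.com"']}
DENY_ALL = {"example.com": ['0 issue ";"']}

if __name__ == "__main__":
    for label, zone in [("restricted", RESTRICTED), ("fixed", FIXED),
                        ("iodef only", IODEF_ONLY), ("deny all", DENY_ALL),
                        ("no CAA", {})]:
        print(label, check_ca("trust.example.com", zone))
```

A zone with no CAA records, or with only iodef records, leaves issuance unrestricted, which matches the "no action is required" case above.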
Common Errors
Error 1014: CNAME Cross-User Banned or Error 1001: DNS Resolution Error
If you see this error when you attempt to use a custom Trust Center domain and you're using Cloudflare, you must contact Cloudflare's Abuse team (which controls domain bans) by going to the webform here.
Important Note: This is not an issue that Secureframe can resolve, so our recommendation is to contact Cloudflare right away. You can also review the Cloudflare Community forum for additional details here.
If you have an open Secureframe Support Ticket or are already in contact with your Customer Success Manager, feel free to keep us informed of your progress with Cloudflare so that we can follow along on our end through resolution.