Wiki

Home

API Help
- Access and Authentication
- Request Parameter Data Types
- Response formats
- Login API
- Get current IP address
- Get account balance
- DNS Zones
- Domain names
- Sub users
- Monitoring
- SSL
- Open source libs
- Scripts
Getting Started
Domain names
- Register New Domain
- Transfer your domain
- Renew your domain
- Domain Management
- Specific Rules for Glue Records
- Glue Records in .be
- Specific Rules and Requirements
- Privacy Protection
DNS Zones
- Master DNS Zone
- Slave/Backup Zone
- Free Zone
- Master/Slave Reverse Zone
- Cloud Domains
- Primary/Secondary ENUM Zones
- Parked Zone
- Slave DNS with hidden master
- DNS zones and how do they count
- Disable/enable DNS zones
DNS Records
- SOA Record
- A Record
- AAAA Record
- MX Record
- CNAME Record
- TXT Record
  - DKIM Record
  - DMARC Record
  - SPF/TXT Duplication
- SPF Record
- NS Record
- SRV Record
- DS Record
- Web Redirect Record
- Web Redirect with SSL
- ALIAS Record
- RP Record
- SSHFP Record
- PTR Record
- NAPTR Record
- CAA record
- TLSA Record
- CERT record
- OPENPGPKEY record
- HINFO record
- SMIMEA record
- DNAME record
- LOC record
- Wildcard DNS Record
- What is TTL?
- Records templates
  - Mail Forwards
  - Gmail
  - Heroku
  - Heroku SSL
  - Zoho
  - Tumblr
  - Blogger
  - GitHub
  - Microsoft Azure
  - Weebly
  - Amazon Web Services
  - Google Sites
  - Google Calendar
  - Google Docs
  - Google Talk
  - WordPress
  - SupaDupa
  - Bitbucket
  - Divshot
  - Aldryn
  - Instapage
  - Enjin
  - Fastly
  - Format
  - atmail
  - FastMail
  - KickoffLabs
  - launchrock
  - Mailgun
  - paperplane.io
  - Tender Support
  - Squarespace
  - SimplyBuilt
  - Shopify
  - Pobox
  - Ghost
  - Office 365
  - Yandex
  - Minecraft
  - Mail.Ru
  - MailChimp
  - ImprovMX
  - Rackspace Email
  - TeamSpeak
- Round-Robin DNS
- Records deactivation/activation
Dynamic DNS
- Getting Started with Dynamic DNS
- Dynamic DNS scripts for Linux
- Dynamic DNS scripts for Windows
- Dynamic DNS for *NIX
- Dynamic DNS for macOS
- Dynamic DNS for Windows
- Dynamic DNS script for Windows
- DynDNS with multiple interfaces
- Dynamic DNS for Synology
- Dynamic DNS with pfSense
- Dynamic DNS for MikroTik
- Dynamic DNS for Android
- Dynamic DNS with DD-WRT
- Dynamic DNS with FreeNAS
- Dynamic DNS for Generic Router
- Dynamic DNS Notifications
GeoDNS
- Block visitors by country
DNS Failover
- ICMP Ping
Monitoring
- ICMP Ping
- Web monitoring
- TCP monitoring
- UDP monitoring
- DNS monitoring
- Heartbeat Monitoring
- Firewall monitoring
- SSL/TLS Monitoring
- Notifications
Failover & Monitoring nodes
DNSSEC
- Activating DNSSEC with GoDaddy
- Activating DNSSEC with OVH
Mail Forwards
- Mail Forwards for external zones
Reseller's panel
- Reseller Panel Customization and Settings
- Reseller Panel API
  - JSON
    - Login
  - SSO
    - Direct Login
    - SSO Session Login
SSL certificate
- How to order SSL certificate
- Generate CSR on Windows
- Generate CSR on Linux
- Generate CSR on cPanel
- Install SSL on Apache
- Install SSL on NGINX
- Install SSL on IIS 7
- Install SSL in WHM/cPanel
- How to renew SSL certificate
- Let's Encrypt DNS challenge
- SSL in VMware Horizon View 7
- How to reissue SSL certificate
- Change verification mail of SSL
- Certificate Transparency
WHMCS
- Change log
- How to upgrade
- Registered domains mode
- Translation
Products and Services
- Google Workspace
- Dedicated IPs
- Our services
- Hide your IP address
- Free Migration to ClouDNS
Features
- Auto-Renewal
- Zone shares
- DNS Branding
- Groups
Profile
- Account Balance
- Subscriptions
- Two-Factor Authentication
- Default SOA settings
- Change your e-mail
- Email Notifications
Misc
- Change ownership of a DNS Zone
- How to delegate a sub-domain
- Slave DNS with PowerDNS
- Not sending out Glue Records
- Custom domain in Blogger
- Issues with nslookup
- Authoritative vs Resolving DNS
- Missing nameservers
- What is a DNS query?
- Changing name servers by plan
- Unknown AXFR requests
Commands
- 10 DNS questions solved with DIG
- 10 DNS questions for nslookup

What is a CERT record?

The CERT record provides a space in the DNS for certificates and related certificate revocation lists (CRLs). These certificates verify the authenticity of the sending and receiving parties. The CRLs identify the certificates that are no longer valid. To create a CERT record, you must specify the certificate type, the key tag, the algorithm, and then the certificate, which is either the certificate itself, the CRL, a URL of the certificate, or fingerprint and a URL.

The CERT record has the following look in your DNS zone management page:

Host	Type	Points to:	TTL
www.domain.com	CERT	2 77 2 TUlJQ1l6Q0NBY3lnQXdJQkFnSUJBREFOQmdrcWh	1 Hour

How to create a DNS CERT record?

Log in to your ClouDNS account, enter your DNS zone management page, and click on the Add new record button. For Type choose "CERT" and type as follow:

Type: CERT
TTL: 1 hour
Host: www
Type: Type of the Certificate/CRL.
Key Tag: A numeric value (0-65535), used the efficiently pick a CERT record.
Algorithm: Identifies the algorithm, used to produce a legitimate signature.
Points to: Base 64 encoded string.

*This hostname is used as an example.

How to start managing CERT records for your domain name?

Create a free account from, here - free forever
Verify your e-mail address
Log into your control panel
Create a new Master DNS from the [add new] button - check a tutorial, here
Add the CERT records you need, as it is described in this article.

Support of CERT records

ClouDNS provides full support for CERT records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your CERT records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.

Last modified: 2021-08-03