The CERT record provides a space in the DNS for certificates and related certificate revocation lists (CRLs). These certificates verify the authenticity of the sending and receiving parties. The CRLs identify the certificates that are no longer valid. To create a CERT record, you must specify the certificate type, the key tag, the algorithm, and then the certificate, which is either the certificate itself, the CRL, a URL of the certificate, or fingerprint and a URL.
The CERT record has the following look in your ClouDNS Control Panel:
|www.domain.com||CERT||2 77 2 TUlJQ1l6Q0NBY3lnQXdJQkFnSUJBREFOQmdrcWh||1 Hour|
CERT record serves as a way to securely store and retrieve certificates for various purposes, such as email signing, encryption, and authentication. This DNS record provides a standardized format for holding certificate-related information, including the certificate type, algorithm, and the certificate itself. Organizations can use CERT records to ensure that their certificates are properly managed and easily accessible. This helps establish trust, enables secure communication, and simplifies the process of validating and verifying certificates within a domain.
Log in to your ClouDNS account, enter your DNS zone management page, and click on the Add new record button. For Type choose "CERT" and type as follow:
*This hostname is used as an example.
The CERT record type cannot be looked up easily in Windows because neither Nslookup nor Powershell's Resolve-DnsName has support for it.
However, you have the option to install WSL (Windows Subsystem for Linux) and then follow the Linux/macOS instructions below, or you can use an online lookup tool like ClouDNS Free DNS tool to check your CERT record.
In case you are a Linux/macOS user, you can open the Terminal and check your CERT record via DIG. Here is an example:
$ dig example.com CERT
As a result, the information about the available CERT records will appear.
ClouDNS provides full support for CERT records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your CERT records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.
Question: Are CERT records mandatory for all domains?
Answer: No, they are optional and used for specific purposes like email encryption. Most standard websites or online services do not require CERT records.
Question: Can a domain have multiple CERT records?
Answer: Yes, a domain can have multiple CERT records. Each record will correspond to a different certificate or certificate usage associated with the domain.
Question: Can I delete or modify a CERT record after it has been published?
Answer: Yes, you can delete or modify your CERT record by accessing your domain's DNS management interface and making the necessary changes. Remember that DNS changes may take some time to propagate across the DNS infrastructure, so they may not take immediate effect everywhere.