To lock a domain so only your CertCentral account members can get certificates for it:
1. Create a Certification Authority Authorization (CAA) resource record for your domain.
2. Authorize DigiCert to issue certificates for your domain.
3. Add the random value from your CertCentral account.
Update the CAA resource record
Registrars have different methods to let you update CAA resource records.
These instructions present some of the settings required to enable locks. Note that you may need to contact your domain's registrar for registrar-specific information about how to access and edit DNS resource records.
1. Create or open the CAA resource record.
2. Populate the resource record with the following info:
o digicert.com is the value for the CA that you authorize to issue certificates for your domain.
o fce9431ca2df7ae0d25a6de09587fdc1ff1616e7187655a18eb72723a0b85c86 is the DigiCert generated random value from your CertCentral account.
o "account=" must be included in front of the random value.
3. Save the updated record.