[Operators] CA with support for SRV-ID reccords

Niklaus vimja Hofer niklaus at mykolab.ch
Wed Feb 1 21:50:37 UTC 2017


Hi

I would like to host 3rd party domains on my xmpp server. For that I
required TLS certificates with SRV-ID records as explained in [0] and
[1].

Unfortunately, Let's Encrypt does not support SRV-ID and has no
intention of supporting it any time soon [2]. CaCert.org is not really
what I'm looking for, either.

For now I have created a self-signed certificate with the necessary
entries. This works surprisingly well but is suboptimal for obvious
reasons.

Does anyone of you know a CA that hands out certificates with the
necessary extensions? Or better even, do any of you have experience with
retrieving such certificates from any particular CA?

I don't mind paying for the certificates, either.

[0] https://tools.ietf.org/html/rfc6120#section-13.7.1.2.1
[1] https://op-co.de/blog/posts/yax_im_dnssec/#index3h2
[2] https://github.com/letsencrypt/boulder/issues/1309

Greetings
-- 
Niklaus 'vimja' Hofer
niklaus at mykolab.ch
xmpp: vimja at xmpp.honet.ch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20170201/3166210d/attachment.sig>


More information about the Operators mailing list