[Operators] CA with support for SRV-ID reccords

Tizian Cardinal von Widdern maillings at nerdnet.eu
Wed Feb 1 23:20:21 UTC 2017


Hi,

> Does anyone of you know a CA that hands out certificates with the
necessary extensions?

I would be also interested in this topic. In the past StartSSL was such
a provider, but there's no trust anymore ;)

> Or better even, do any of you have experience with retrieving such
certificates from any particular CA?

I've just had a chat with the Comodo live support, they sadly don't
support SRV-IDs in the SAN field.

"We able to add only Public IP address and domain names in the SAN list
and not possible to have SRV ID'S."
"We need to complete the validation process to prove the ownership,
which is not possible with SRV records. So the certificates can be
issued only for the domain name or for an Public IP address."

Cheers
Tizian

Am 01.02.2017 um 22:50 schrieb Niklaus vimja Hofer:
> Hi
> 
> I would like to host 3rd party domains on my xmpp server. For that I
> required TLS certificates with SRV-ID records as explained in [0] and
> [1].
> 
> Unfortunately, Let's Encrypt does not support SRV-ID and has no
> intention of supporting it any time soon [2]. CaCert.org is not really
> what I'm looking for, either.
> 
> For now I have created a self-signed certificate with the necessary
> entries. This works surprisingly well but is suboptimal for obvious
> reasons.
> 
> Does anyone of you know a CA that hands out certificates with the
> necessary extensions? Or better even, do any of you have experience with
> retrieving such certificates from any particular CA?
> 
> I don't mind paying for the certificates, either.
> 
> [0] https://tools.ietf.org/html/rfc6120#section-13.7.1.2.1
> [1] https://op-co.de/blog/posts/yax_im_dnssec/#index3h2
> [2] https://github.com/letsencrypt/boulder/issues/1309
> 
> Greetings
> 


More information about the Operators mailing list