Jeroen Massar wrote on 13.05.21 10:46:
> On 2021-05-13 11:29, Andreas Fink wrote:
>> Hello all,
>>
>> I need to get some SSL certificates for some african country operations
>> and i can unfortunately not use letsencrypt for this.
>
> Any reason? What are your requirements?
the mailserver I use, does not support ACME setup. I can only do old
style SSL certificate requests.
for the webserver its not an issue though.
> Would ZeroSSL (https://zerossl.com) who also do ACME work?
No. ACME is the issue. And ZeroSSL is hosted in the US on cloudflare
with a cloudflare SSL certificate. So by definition not DSGVO conform as
NSA could theoretially infiltrate cloudflare to infliltrate all my certs
etc. etc. It might be far fetched but since snowden, we know that many
things we considered far far far fetched are not anymore.
> (yes people, Let's Encrypt is not the only game... if you do ACME for
> your systems, also setup zero ssl and issue certs from both places at
> the same time, just in case LE ever has an issue, though that will be
> resolved rather quickly with 72% marketshare (https://ct.cloudflare.com)
Cloudflare's juristiction is definitively a red flag for me.
>
>> I was trying to
>> get a certificate from Swissign for this but for some reason they refuse
>> issuing certificates to domains for Guinea and Guinea Bissau
>
> Do you need org validated or something that the country matters?
no. I simply need the domain be in that country.
The holder of the domain can be myself in switzerland or one of the
entities in Africa which is not on the blacklist (which is actually what
I tried). Swisssign put the certificate under embargo because the domain
ending contained .gw and .com.gn. Thats all.
And I don't want to buy a domain for every mailserver separately, thats
why I want a multidomain certificate. As it has to be renewed every
years its painfully enough already.
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
