For certificate, how to enable support for "CanSignHttpExchanges" extension from Google CA?

I want to implement Signed Exchange within my website. I know that, in production, a certificate with the CanSignHttpExchanges extension is needed for the signed exchange. My website is hosted on AWS and I have bought the SSL certificate of my domain from SSL Store. Now I want to buy certificate from Google CA so that I can get support of CanSignHttpExchanges extension.

Now, my questions are :

  1. if I buy a certificate from Gooogle CA, then does the support of "CanSignHttpExchanges" extension comes by default? If not, how can I get the support?
  2. How can I add the certificate in my website?
  3. Is there a way to auto update the certificate periodically?
1 Like

Hi @Shuvo-Hoque,

This is a question about the Google CA rather than the Let's Encrypt CA, but this forum is meant for questions about Let's Encrypt rather than other CAs' services.

On the other hand, I haven't found any way on Google's site to ask questions about Google Trust Services.

The Google Trust Services CPS does contemplate issuance of certificates for SXP, but that doesn't necessarily mean that there's a way for the general public to get them.

@rmhrisk, can you answer @Shuvo-Hoque's question, or suggest a place where people can get support or ask questions about Google Trust Services?


I can't seem to find it at the moment, but I swear I had a link to a Github project that talked about how to request SXG certs from Google Trust Services. All I have in my notes though is that you need to use this directory endpoint instead of the normal one:


Hey @rmbolger , thanks for your answer. Are you talking about this github wiki? Certificate Authorities · google/webpackager Wiki · GitHub

1 Like

Hah, yep. That's the one. And apparently there wasn't much more to take notes on other than the directory URL.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.