Regarding TL Authorization List extention


#1

Hi everyone,

I got a requirement like I need to add TN authorization list in my CSR and the generated certificate should have this extension. Nut the OID for this extension is not available in BOULDER and Lets encrypt.

The OID for TN Authorization List in id - pe - 1.3.6.1.5.5.7.1.26.

Is there any possible way to include this extension in my certificates and Im using Java Client.

Sorry I’m new to this.

Thanks in advance.


#2

Publicly-trusted CAs in general don’t sign certificates with arbitrary extensions. This could have security implications and could be a violation against various trust store policies.

The one you mentioned isn’t supported by Let’s Encrypt and I’m not aware of any plans for doing so.


#3

Just for my understanding, what exactly is a “TN authorization list”? Google doesn’t give me very useful results.

Currently, these are the only valid extensions in a CSR.


#4

Thanks for your info pfg.

But is that possible to edit the codes from Boulder by installing it in a local server. Is that we can able add this extension by this!


#5

Osiris ,

You can check regarding TN authorization list here.

https://tools.ietf.org/html/draft-ietf-stir-certificates-08.

here is the syntax for TB list.

TNAuthorizationList ::= SEQUENCE SIZE (1…MAX) OF TNAuthorization
TNAuthorization ::= SEQUENCE SIZE (1…MAX) OF TNEntry
TNEntry ::= CHOICE {
spid [0] ServiceProviderIdentifierList,
range [1] TelephoneNumberRange,
one E164Number }
ServiceProviderIdentifierList ::= SEQUENCE SIZE (1…3) OF
OCTET STRING


#6

Sure! You can run your own Boulder instance! But your certificates will also be signed with your own root certificate, not Let’s Encrypts of course :wink:

Cool, no idea what it is yet, but I’ll check it out :slight_smile:

Edit: You might want to link to the current draft version, number 11 :wink:


#7

Osiris,

I have installed and started my own boulder. But i dont know how to generate certificates from Boulder using commands.

I have mounted boulder in Ubuntu docker and have started the server.

can you please help in generating certificates from boulder. How can i do that?


#8

Personally: not a clue. I just know Boulder is the software used by Let’s Encrypt for issuing certificates and that it’s open source.


#9

Thanks you Osiris. I will try that one.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.