Ĩesky | english
This page contains information about bringing IPv6 support to CAcert.
Making CAcert services available over IPv6
Connectivity
At the moment (2009), there is no IPv6-capable VServer kernel available from Debian. Until there is, a solution could be to have a router use a combination of 6to4 and port-forwarding to reach the IPv4-only VServers.
The following /48 has been assigned to Oophaga/CAcert: 2001:7b8:616::/48
For the interconnection, 2001:7b8:3:9c::/64 has been asssigned.
The status of the IPv4 and IPv6 protocols on CAcert servers
Date: 20160418
The table displays the CAcert servers' ability to use the IPv4 + IPv6 protocols.
Server |
IPv4 |
IPv6 |
www.cacert.org |
x |
x |
secure.cacert.org |
x |
x |
ocsp.cacert.org |
x |
x |
crl.cacert.org |
x |
x |
translations.cacert.org |
x |
- |
svn.cacert.org |
x |
- |
wiki.cacert.org |
x |
- |
cats.cacert.org |
x |
- |
bugs.cacert.org |
x |
- |
lists.cacert.org |
x |
- |
blog.cacert.org |
x |
- |
irc.cacert.org |
x |
- |
test.cacert.org |
x |
- |
issue.cacert.org |
x |
- |
infradocs.cacert.org |
x |
- |
Once the connectivity issues are sorted, the rest should be a lot easier
Website
Apache runs fine on IPv6, as long as the vhosts are defined properly.
DNS
BIND has IPv6 support and can provide AAAA records.
Postfix supports IPv6 and of course TLS (in opportunistic mode among other things).
There are probably several IPv6-capable POP/IMAP servers out there. Dovecot is one of them, and it has the advantage of providing SASL to postfix.
Being able to process IPv6 for certificate requests
Named certificates are not a problem. OpenSSL supports IPv6 addresses in the CN from version 0.9.8 upwards