The XSF did some interop some time back to help test TLS interop, using a custom CA. The CA software was from my previous employer, Isode.
We could look into setting up servers with those certs again, I imagine, though the certs themselves would need recreating. The rest is, as you say, just a matter of hard work - the best thing you could do to help would be joining the XSF and starting it off.