Extended Validation is a way to mark an X.509 certificate as “special”, in the sense that a browser will show it as particularly secure. To have a root CA recognized as capable of Extended Validation, it is not enough to put it in the directory with all the other root CAs (that is, the ability to act as an EV-capable CA is not described in the CA certificate itself). Instead, you have to dedicate an OID to describing the exact policy statement for your EV CA and put that OID in the signed EV certificates. Moreover, you have to add the OID to a browser-dependent list, which usually appears to be hardcoded directly in the browser's source code.

  • Mozilla Firefox 7: the list is the array myTrustedEVInfos in the file security/manager/ssl/src/nsIdentityChecking.cpp.
  • Chromium 14: array ev_root_ca_metadata in the file src/net/base/
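
The check described above, as an added example (not code from Firefox or Chromium): it parses the DER certificatePolicies extension value of a leaf certificate and grants EV status only when the chain's root is in the hardcoded list and the OID paired with that root is present. The table layout, the SHA-256 fingerprints, the root placeholders and the OIDs under 1.3.6.1.4.1.99999 are constructed assumptions.

```python
import hashlib

# Constructed placeholders: not a real CA and not a real EV policy OID.
ROOT_DER = b"constructed stand-in for an EV root certificate"
OTHER_ROOT_DER = b"constructed stand-in for an unlisted root"
# Hypothetical model of the hardcoded browser list: root fingerprint -> EV OID.
TRUSTED_EV = {hashlib.sha256(ROOT_DER).hexdigest(): "1.3.6.1.4.1.99999.1.1"}
# certificatePolicies values (DER): EV OID + anyPolicy, and a non-EV OID.
EV_POLICIES = bytes.fromhex("3016300c060a2b06010401868d1f010130060604551d2000")
DV_POLICIES = bytes.fromhex("300e300c060a2b06010401868d1f0102")

def read_tlv(buf, pos, want):
    """Return (value, next_pos) for the DER element at pos; tag must be want."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected or truncated DER element")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def policy_oids(ext_value):
    """List the policyIdentifier OIDs in a certificatePolicies extension."""
    seq, _ = read_tlv(ext_value, 0, 0x30)      # SEQUENCE OF PolicyInformation
    oids, pos = [], 0
    while pos < len(seq):
        info, pos = read_tlv(seq, pos, 0x30)   # one PolicyInformation
        oid_body, _ = read_tlv(info, 0, 0x06)  # policyIdentifier comes first
        oids.append(decode_oid(oid_body))
    return oids

def is_ev(root_der, ext_value):
    """EV only if the chain's root is listed AND its OID is in the leaf."""
    expected = TRUSTED_EV.get(hashlib.sha256(root_der).hexdigest())
    return expected is not None and expected in policy_oids(ext_value)
```

The same leaf policy OID under an unlisted root yields no EV status, which is why adding a root to the ordinary trust store is not sufficient.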
