
EV SSL Certs



On Mon, Sep 12, 2011 at 11:39 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> On Mon, Sep 12, 2011 at 7:08 AM, Coy Hile <coy.hile at coyhile.com> wrote:
>> As an academic aside, exactly what would one set on his (internal)
>> root CA so that internally-trusted certs signed by that CA would show
>> up as EV certs?
>
> This is not possible without changing browser source code and recompiling
> (or debugging/editing the browser binary).
> The IDs of certificates that are allowed to sign EVSSL CAs are
> hard-wired in the browser.
> In some browsers, this also means it's impossible for an end user to
> "untrust" or remove
> an EVSSL CA.
>
> It also means you cannot, as a site administrator, make an
> administrative decision to internally
> add an internal EVSSL CA, without customizing every browser.
>
> If you ask me... it's shoddy software design. EVSSL CAs should be
> configurable,
> but none of the major browsers provide the knobs to manually add or
> remove EVSSL
> access to/from a trusted CA.
>

Thanks. I saw something about it on TechNet.  (I'm using Windows for
my internal CA).  I'm guessing those instructions may work for IE
only.  If I find anything interesting, I'll let you know.